[NCLUG] Daylight Saving Time, and free unices
Chad Perrin
perrin at apotheon.com
Sun Mar 4 16:26:43 MST 2007
On Sun, Mar 04, 2007 at 04:09:24PM -0700, Bob Proulx wrote:
> Chad Perrin wrote:
> > This year, rather than the first of April as you might have expected,
> > DST in North America starts on 11 March. Some OSes are handling this
> > well, with automatic patches available through their respective software
> > management systems. Others, not so well.
>
> Anyone else who maintains their system with current security and
> other critical patches will already have gotten the updated timezone
> files long ago. This is really a non-issue. I personally don't find
> it worth discussing.
Really?
There are several distributions of Linux that still don't provide
patches for it. As I mentioned in the article, there are also
circumstances where (for one reason or another -- such as lack of
broadband Internet access for the system in question) simply updating
patches from the distribution's central archives is not much of an
option. Don't necessarily assume that everyone else's computing
environment is identical to your own.
>
> However what I would find a more interesting question is for anyone
> who believes that they are maintaining a system that is not updated
> and for some reason can't be upgraded to say why they are in that
> position. Why can't they upgrade? What is the issue? That would be
> a much more interesting discussion.
>
> Quite frankly anyone who is suffering from stale timezone data is
> probably also at risk due to real security vulnerabilities that they
> have not fixed. I would not be worried about an incorrect localtime.
> Instead I worry about having the computer cracked with a root-kit.
> That would be the more important problem to worry about.
Haven't you ever had a computer that wasn't on the network? Are you
positive that every single operating system in the world, including
every Linux distribution, has patches available for tzdata?
Last I checked -- a few days ago -- Fedora didn't have a patch for it,
as far as I could find. It had to be updated "manually". Maybe I just
didn't find it, but if so I'm sure I'm not the only one.
--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"It's just incredible that a trillion-synapse computer could actually
spend Saturday afternoon watching a football game." - Marvin Minsky
More information about the NCLUG
mailing list