Richard Bucker

The problem with patch Tuesday

Posted at — Sep 8, 2016

I’m not sure what the origin of Patch Tuesday is or when it came about, but the where is unmistakable. Microsoft. It’s not a bad thing to patch a kernel or a whole OS this way; however, scheduling and actually deploying can be a challenge for most operations. By comparison, CoreOS does not rely on the customer to perform the patch. CoreOS performs the patch, releases a new version of the OS, and pushes an update to the customer hardware, which then installs the update in an A/B fashion.

** At about 18:00 the speaker makes the comment: if you think you are going to cherry-pick the patches you are [mistaken or maybe a fool].

** Earlier in the presentation he talks about the “contract” the Linux Kernel has with its users.

So my point…

[a] Apple distributes patches periodically. Their quality is typically pretty good but the patches are certainly not weekly. Given the Linux mantra I might feel differently about this now. But it’s an all or nothing proposition.

[b] Microsoft pushes updates every Tuesday but the user can cherry-pick which patches to apply. This means that there is some combination of patches that will fail based on the complexity of it all. At least every Apple computer that is current has a very similar footprint.

The CoreOS plan to replace the entire OS means that cruft is not going to linger. But it also means a different OPS strategy is needed in order to minimize the interruption to the user. Which is probably a better problem to have.