For what it is worth, our "officially supported" OS list at work
doesn't exactly mirror the availability of security patches, but it is
close enough. We run workstation vulnerability/security scans fairly
regularly, and the first time that a 10.4 system shows up with a
software vulnerability and the recommended fix says "Upgrade to 10.5 or
later".... that will be essentially the death knell.
My biggest problem right now for the federal space is that we're still
waiting on an FDCC config for 10.5, and when we'll see FDCC for 10.6 is
anyone's guess. I'd really LIKE to be able to say all of my Macs are
configured according to FDCC standards, but new hardware purchases will
eventually force us to adopt 10.6 - my primary goal is to be off of
10.4 before that happens so that I don't have to support 3 versions of
the OS at the same time.
Taylor
Nichols, Jared - 1160 - MITLL wrote:
I pointed out to Shawn Geddis that exact point (no
official EOL/documentation) not long ago. The policy here is that if
an OS is no longer receiving security patches, it can't be on our
production network. I don't think it's too outlandish of a policy and
I'm sure plenty of folks on this list work at places with the same
policy. But, without such documentation/policy, we never *really* know
that the OS isn't being patched so therefore, you have all of these
older OSes out on the LAN that by wink-wink nudge-nudge we *know*
aren't being patched, but there's nothing official from Apple backing
that up so we can't actually go to the user or their management and
say, "Look, you have to get it of the LAN or upgrade it"
The policy of having no policy is completely naive if a company
is going to be in Enterprise. There are folks within Apple who agree
that it's asinine... I'm not sure why Apple is so loathe to change this
point. I'm not really sure what damage is occurring when a company
says "our OS from x years ago is no longer going to be patched," heck,
you may get some more sales from that.
I just don't understand it.
---
Jared F. Nichols
Desktop Engineer,
Infrastructure & Operations
Information Services
Department
MIT Lincoln
Laboratory
244 Wood Street
Lexington,
Massachusetts 02420
781.981.5436
On Nov 9, 2009, at 7:47 PM, Dave Schroeder wrote:
Of course, Apple doesn't have an official EOL schedule or
documentation, so we can never "prove" to security staff or executive
leadership that a particular OS is no longer supported. This is further
complicated by the fact that Apple sometimes does provide security
updates for 10.x-2 (where 10.x is the current release of Mac OS X) soon
after 10.x is released.
The best practice that has prevailed since 10.0 is that Apple *always*
provides security and other updates for 10.x and 10.x-1. Once 10.x is
released, anything <=10.x-2 is no longer supported by security
updates.
- Dave
On Nov 9, 2009, at 6:33 PM, Nichols, Jared - 1160 - MITLL wrote:
Yes, that is correct. Typically Apple will
patch OS release N and N-1. 10.4 is now N-2.
---
Jared F. Nichols
Desktop Engineer, Infrastructure &
Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
On Nov 9, 2009, at 7:25 PM, Rex Sanders
wrote:
Apple released security updates today for
10.6 and 10.5, but none for 10.4,
even though the updates covered many
packages (like Apache) present in 10.4
Looks like Apple has dropped support for
Tiger
-- Rex Sanders, USGS
email@hidden
_______________________________________________
Do not post admin requests to the list.
They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list.
They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
W. Taylor Armstrong email@hidden
NOAA's National Ocean Service Domain Infrastructure Team
1305 East-West Highway Phone (301) 713-1156
Silver Spring, MD 20910 http://nos.noaa.gov
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|