Package management
From Sysadmin
Packages vs Compiling
Organisations are discouraged from compiling their own versions of software from the original source. While common in the past, this now represents a management and security concern. Compiling locally shifts the responsibility for security updates from the vendor to the local sysadmins, who need to recompile and install the apps every time there is a vulnerability. This drives up the management overhead and raises other concerns. Questions arise such as:
- Will they always use the same compile-time flags? Even large vendors don't always sustain consistent use of compile-time flags.
- Will they always use the same version of the compiler?
- Will they backport the patch or compile a new version? If they compile a new version then the behaviour may well change. A full test cycle would be needed before deployment, assuming it even passes.
- Will it be done in a timely fashion? Busy sysadmins might let it slip, with catastrophic consequences.
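The compile-time flag question can be checked on the resulting binaries. The following is an added example, not part of the original page: it reads the ELF64 headers of two builds and reports which hardening properties a local rebuild lost. The choice of properties (PIE, RELRO, non-executable stack), the function names and the two sample images are assumptions made for illustration.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1


def hardening(elf: bytes) -> dict:
    """Report hardening properties visible in the ELF64 program headers."""
    if len(elf) < EHDR.size or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    f = EHDR.unpack_from(elf)
    e_type, phoff, phentsize, phnum = f[1], f[5], f[9], f[10]
    if phentsize < PHDR.size or phoff + phentsize * phnum > len(elf):
        raise ValueError("truncated program header table")
    # ET_DYN also describes shared libraries; "pie" is meaningful for executables.
    result = {"pie": e_type == ET_DYN, "relro": False, "nx_stack": False}
    for i in range(phnum):
        p_type, p_flags = PHDR.unpack_from(elf, phoff + i * phentsize)[:2]
        if p_type == PT_GNU_RELRO:       # produced by linking with -z relro
            result["relro"] = True
        elif p_type == PT_GNU_STACK:     # a missing header is treated as executable
            result["nx_stack"] = not (p_flags & PF_X)
    return result


def build_sample(e_type, segments):
    """Constructed minimal ELF64 image: file header plus program headers only."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    return hdr + b"".join(PHDR.pack(t, fl, 0, 0, 0, 0, 0, 0) for t, fl in segments)


def drift(baseline: dict, rebuilt: dict) -> list:
    """Names of the properties the rebuild lost relative to the baseline."""
    return sorted(k for k in baseline if baseline[k] and not rebuilt[k])


if __name__ == "__main__":
    vendor = build_sample(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
    local = build_sample(ET_EXEC, [(PT_GNU_STACK, 7)])
    print(drift(hardening(vendor), hardening(local)))
```

On a real system the input would be the bytes of the packaged binary and of the locally compiled one, read with `open(path, "rb").read()`.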
