Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Should Hosting Companies Have Change Freezes?

Posted by Soulskill on from the what-about-change-burns dept.

AngryDad writes "Today I received a baffling email from my hosting provider that said, 'We have a company-wide patching freeze and we will not be releasing patches to our customers who utilize the patching portal for the months of November and December.' This means that myself and all other customers of theirs who run Windows servers will have to live with several critical holes for at least two months. Is this common practice with mid-tier hosting providers? If so, may I ask Eastern-EU folks to please refrain from hacking my servers during the holiday season?"

3 of 138 comments (clear)

  1. change freeze by Anonymous Coward · · Score: 5, Informative

    I work for a company with 1200+ VMs and the change freeze concept is nothing new. For us, it's only 1 month around new years and mainly due to staffing issues if something goes wrong.

  2. Standard practice by Jethro · · Score: 4, Informative

    Having change freezes is standard practice. Most places I've worked have a short month-end freeze, and a couple of month year-end freeze.

    However, critical security vulnerabilities are exempt from these freezes. Those still get done using whatever emergency protocols are in place.

    --


    In the land of the blind, the one-eyed man is kinky.
  3. Re:windows? what were you thinking? by Penguinisto · · Score: 4, Informative

    No effing way. Only a complete and total newbie would even contemplate that, and I'd fire the first admin who tried to put such a thing in place.

    Exchange as an MTA sits behind firewalls and a spam filter (be it home-brewed atop a Linux machine, or an automated commercial appliance, e.g. Barracuda). OWA you put in its own DMZ, insulated on all ends by industrial-grade firewall/security devices. Even Microsoft anticipated that one, and allows you to rig it exactly like that (with the MTA and all other bits buried in your internal network).

    Back to TFA, I'm curious as to what's stopping the article submitter from sticking in a simple SCCM** box (or at least script something in Powershell that ties into Windows Update) and do his own %}$#@! patching? Relying on anyone other than the OEM to do patches is kinda, well, dumb.

    .
    ** I know, I know - SCCM blows goats. But it's not like it's completely impossible to set up, and besides - that's the price you pay for using so much Windows gear.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?