Ask Slashdot: Patch Management For Offline Customer Systems?

New submitter Nillerz writes: What, in your experience, is generally the best way to distribute patches in a way so customers can download them, considering that the machines are offline? Are there any software packages (open source preferred) that pretty much allow engineers to upload a patch with a description to a web server, and allow customers with credentials that are registered in LDAP to browse and download them quickly? And if not, how do you distribute patches to air-gapped machines?

Re:Is there even a reason to patch airgapped machi

[El_Muerte_TDS]

To fix non-security related bugs.

Re:Is there even a reason to patch airgapped machi

[allquixotic]

Or maybe you might have an airgapped "kiosk", with a keyboard and/or mouse and a dedicated application running modal (so it can't be bypassed to access the OS, perhaps without some hardware hacking). If it's non-networked, or only networked locally to some other system on-site, but still accessible to "users" who aren't fully trusted to the same level as the CEO (e.g., line employees, general public customers, etc.), you might want to patch it *for* security vulnerabilities, such as "if the user presses Ctrl+Alt+Del, they can access the desktop" (or something equally based on the concept of user input -> system access). That would be an example of a software-based security exploit on airgapped equipment.