
Quarterly Patch dilemma...Again!

 


I have this problem every three months and I usually go around with HP about it, but what the heck, here goes again. I keep seeing how wonderful the patch database is, and how I can get the quarterly patch bundle in the mail (which we do...two months late!!) or download. But that isn't good enough. We are expected to patch with any critical patches through three weeks prior to the scheduled patching. This means that I have to scour the patch database for DAYS checking to see what critical patches have come out after the creation of the patch bundle through our deadline. After making the recommendation to be able to submit post date ranges in the patch database many MANY times, I see that the "new and improved" patch database is still missing this vital item. So I ask you, what is the most efficient way to find all critical patches that have posted after the last quarterly patch bundle through today? I also ask that if anyone reading this thread has any input on the design of the patch database, please, PLEASE include post date ranges. I can't believe that I am the only one with this dilemma.
11 REPLIES 11
harry d brown jr
Honored Contributor

Re: Quarterly Patch dilemma...Again!


Attack the problem by using the custom patch manager.

live free or die
harry
Live Free or Die
Daimian Woznick
Trusted Contributor

Re: Quarterly Patch dilemma...Again!

This doesn't resolve your issue on critical patches, but security patches have a tool that can be used. It is security patch check (B6834AA) and can be downloaded here:

http://www.software.hp.com/ISS_products_list.html

You may be able to modify this some way, emphasis on may because I haven't looked into it.

Re: Quarterly Patch dilemma...Again!

Sorry Harry, I should have mentioned that our government contract prohibits us from running applications on our systems that would involve sending configuration and software information to ANYONE, including HP. Couple that with the number of variations we have between all of our systems across all of our platforms and we simply don't have the coverage in our support contracts to use them anyway.
Martin Johnson
Honored Contributor

Re: Quarterly Patch dilemma...Again!

Are you on the patch notification list? Each week HP emails a list of recently released patches. It takes only a few minutes to review the list.

HTH
Marty
Anonymous
Not applicable

Re: Quarterly Patch dilemma...Again!

The SPC Daimian pointed to is a perl script that apparently does the check based on a data file to get via ftp.

I'm just wondering if there can be a data file that contains more than "just" security patches- probably you may ask HP to offer this service as this seems to meet your needs (However, I'd not expect to get this for free;-)
uri_1
Advisor

Re: Quarterly Patch dilemma...Again!

Apart from security issues, why would you want to install patches the second they come out?

I have encountered bad patches more than once... I usually install them when I need them.

Re: Quarterly Patch dilemma...Again!

Uri,
It's not that I want to apply patches the moment they come out, but we do have it documented with our customer that we will apply any appropriate critical patches that have been released earlier than three weeks prior to the date of our first systems patching. I am on the patch notification list and have some 30 or so patch notifications, but this means entering each patch into the patch database individually and downloading them one at a time. This is how we are currently doing it, as well as displaying the ENTIRE patch list and going through each patch one at a time and determining if we need it. This is enormously slow. While playing around yesterday, however, I did discover that I could create a boolean string for a list of individual post dates and Critical: Yes which works well, once you get all of the dates entered, separated by OR operators.
Steven Sim Kok Leong
Honored Contributor

Re: Quarterly Patch dilemma...Again!

Hi,

Always use match-what-target-has. This would mean that only patches applicable to your OS and software residing on your system will be patched.

Security patches are usually the most critical ones and should be prioritized over other bug fixes.

Hope this helps. Regards.

Steven Sim Kok Leong
John Payne_2
Honored Contributor

Re: Quarterly Patch dilemma...Again!

The wording is confusing me. (Maybe because you are dealing with the government...) When you say: 'We are expected to patch with any critical patches through three weeks prior to the scheduled patching.' Does that mean that you have to install them to a development/staging box before it goes to production?

If so, can you do what I do? When I get the disk, I install it in development. Then I let it sit there until the next disk comes to my desk. At that time, I install the new patch bundle in development and migrate the patch bundle that is 3 months old into production. This way, there has never been a problem with a bad patch or anything. I monitor the security patch bulletin, and we react if necessary to our environment, but generally, things stay pretty quiet here in regards to patching...

Hope it helps

John
Spoon!!!!