• somenonewho@feddit.de
    link
    fedilink
    arrow-up
    3
    ·
    9 months ago

    Jup same here. We have a colleague that constantly reminds everyone that we’re not properly patched (even running eol versions) but there’s always something to be done that’s a higher priority.

    • 0x4E4F@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      9 months ago

      Exactly. Shit needs to just work, period. Why? Because otherwise, I’m the one getting 2AM calls… and I would be OK with that if I’m properly compensated for it… which I’m not.

      • poinck@lemm.ee
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        9 months ago

        Did you think of testing security updates on a staging environment before going in production with it, if you suspect in can break things?

        I think there is no excuse to apply security fixes wich have a CVE number.

        If you are on Debian stable unattended updates are not a problem.

        • 0x4E4F@lemmy.dbzer0.comOP
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          edit-2
          8 months ago

          See, building and configuring a staging environment also takes time and money… money which they are not willing to spend on something “for testing” and not in actual use. Plus, I’m not gonna get paid for doing that either, so why actually do it… to be honest, I would do it, even for free, but you gotta caugh up the money for the hardware man. I’ve been told “just use what you have in the scrap pile”… for what, a server 🤨? Are you serious? They barely spend any money on that even, why should I bother creating something as e staging environment.

          • poinck@lemm.ee
            link
            fedilink
            arrow-up
            0
            ·
            8 months ago

            This sounds so horrible, I would consider finding a better employer. I hope, you are not stuck with them.

            • 0x4E4F@lemmy.dbzer0.comOP
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              Actually, I kinda am. Can’t really afford to spend a month or two without pay, so if I do find anything better (which I seriously doubt, every company here is more or less the same regarding IT practices), it would have to be a drop in replacement, which is also hard to do here (they’re gonna try and squeeze as much free labour as possible from you, so you’ll probably be stuck with a 200, 250 euro freelance salary for the next month or two, and as I said, I just can’t afford to do that right now, money is tight, got a family now).