Oracle Patch Day Becoming Irrelevant 76
mocirac wak writes "Oracle's scheduled quarterly patch day is becoming more and more irrelevant. Oracle critical patches announced in the April 2006 CPU are still not available for download and the ETA is now set for May 15. The whole idea of a patch day was to let DBAs get prepared for testing and deployment. What's the use of having a patch day when there are no patches to download?" From the article: "... Oracle's explanation that patch testing is not yet done points to serious shortcomings and an absence of a good patch development process. 'For such a big organization with a lot of financial resources, they should be ready to handle this without problems. But they are amateurs on everything security related,' Cerrudo said. 'They spend a lot of time creating these patches. Then, patch day comes around and the patches aren't available. Then, when the patches are finally released, it's normal to find that they are incomplete and fail to address the actual vulnerability,' he added."
Deal. (Score:5, Insightful)
If you have an alternative and they are able to serve you better, migrate. If not, suck it up and be thankful the mistakes of your vendor give you a well paying job.
Heaven Forbid! (Score:4, Insightful)
Seems like a bad idea to begin with. (Score:4, Insightful)
Re:Deal. (Score:5, Insightful)
Either way, this is bad on Oracle's part.
Good Thing? (Score:3, Insightful)
Re:Deal. (Score:5, Insightful)
An Oracle Database for a mid-sized website can easily cost hundreds-of-thousands of dollars. We pay Oracle Jockys a 6 figure salary to maintain the behemoth. It's critical to the business. For that price, I expect top-of-the-line support.
I wouldn't expect stellar support for WoW -- it costs something like $20/month. I'm suprised you attempt to compare the two.
The total license fees for Microsoft products for a 100-person office (100 workstations, Exchange, a dozen Windows Servers) is relatively low compared to the cost of the Oracle Database. From Microsoft, I expect good support-- the product needs to behave well, we need access to emergency support, etc.
Two issues are at work here... (Score:2, Insightful)
Second, patches for something as critical as Oracle is within most enterprises, MUST be fully examined and qualified. The comment above about being a year or two behind on patches because patches might break stuff, is relevant here. Again, humans write code and humans make mistakes, even on code meant to fix other broken code. Look at Apple's recent patch-to-fix-a-patch-to-fix-a-patch issue from several weeks back. I applaud Oracle for trying to get quality patches out. However, I would say that there comes a point when you just have to feel comfortable with the patch you have and get it out the door. Better to look like you're doing something while you get things together, even if what you do is not ideal, than to look like you're doing nothing and appear incompetent or unresponsive.
Re:Heaven Forbid! (Score:5, Insightful)
It's Oracle's responsibility. They they can't do it now, they need to invest in their patch development so that they do.
Re:Heaven Forbid! (Score:4, Insightful)
This is not your father's Oldsmobile... (Score:4, Insightful)
It's the same story each release, Oracle marketing trumpets up the latest and greatest Java Parser! then everyone ignores it and goes back to Listeners (which consequently have very few bugs at this point).
So yeah, patches are important, and yeah I apply em, but with Oracle ONLY (and maybe Solaris) to me this is indeed not a big deal.
chitlenz
limited set unavailable? (Score:5, Insightful)
The article makes it sound like the target date was missed entirely, and while I know there are delays for some releases, others were made available as planned.
Why do I get the feeling that most of the complaining here is by people who don't actually use the product?