Patching Up Configuration Management
Configuration management is a many-headed beast, but the biggest beast with the sharpest teeth is the patch monster. Every day, a new vulnerability, a new patch – and an old decision: patch and maybe break something (I’m looking at you, Spectre and Meltdown), or stay online and be vulnerable. This model – “panic patching” – is in wide practice, but not sustainable. For now, an efficient and reliable system is essential; for the long term, we need an entirely new model.