In a reply to the same thread a poster said
"Instead of supplying oneoff's it would seem safer for oracle customers
if oracle supplied patchsets that had included regression testing etc.
The current approach just doesn't seem optimal to me."
and he followed with:
"I wouldn't be surprised if oracle changes their direction after getting
some real world feedback from the current approach."
Some interesting thoughts in this thread, are people planning ahead? - after all we know when the patches ar coming, are people able to plan downtime and testing in advance, are people actually using the risk matrix information available in the advisory to assess whether each of their systems are vulnerable and need patching. Is anyone finding the risk matrix useful? - I wonder..:-)