On Mon, Nov 21, 2011 at 5:50 PM, Stephen Walsh steve@nerdvana.org.au wrote:
On 11/22/2011 10:43 AM, Tom Sorensen wrote:
FSVO risk, sure. Except that upstream recommends this all the time when troubleshooting customer systems.
IOW, the risk is exceptionally small.
With a nice support contract and an army of willing RH engineers on the other end of a phone, yes, the risk is small.
And you are running the same code...
For $Johnny_webhost, who takes his daily income from his business, and can't afford the above mentioned support on his rack full of EL boxes (which is why he uses centos), he needs to balance the risk of losing customers due to a security incident vs running a full up to date and stable system with a mix of current and upcoming release packages, and all with the knowledge in his head and what he can get from the main centos list (most of which last time I looked appeared to be a conversation about why you should use ubuntu over centos).
The Lowest Common Denominator is the one we need to think about here. The end user that wants EL stability and security, but can't afford to spend the money on upstream subscriptions.
The question is whether this person would be better off getting security updates that were built post-minor-rev-update or not in a default 'yum update'. It's a yes or no question, where recommending doing one thing and making the default something else doesn't make a lot of sense. With/without the CR approach, the non-security related updates are going to come along for the ride, and you will probably want them anyway.