On 02/09/2013 05:58 AM, Johnny Hughes wrote:
On 02/08/2013 07:45 PM, Gelen James wrote:
<snip>
> supposed I installed with Centos 6.2 last year, and let's say Centos 6.4 comes out two months later and I have not updated a single package since initial installation until Centos 6.4 comes out (I am way too lazy :)

That would be extremely unfortunate ... because there are *VERY IMPORTANT* security updates that come out between point releases.
There are 2 classes of these updates (Critical and Important) that should be applied ASAP after release to prevent root access by unauthorized users. It is extremely important to maintain Internet facing machines updated with security updates. There are 2 less severe security updates (Moderate and Low) that should also be installed, but are not as critical ... and there are also bugfix and enhancement updates that are a convenience, but likely not required.
Machines get rooted if security updates are skipped ... don't do it.
Our CentOS Announce list has "Topics" that split those announcements so you can minimize the traffic you get. One "topic" is "Security Updates" ... utilizing that and the Daily Digest feature, you can get one e-mail (only on days when we do a security release) to get minimum contact for only important announcements. Please use it.
To understand how Red Hat rates "Severity" ... please review this:
https://access.redhat.com/security/updates/classification/
Here is also some good reading concerning security metrics:
http://www.redhat.com/security/data/metrics/
Stay updated !!!
Thanks, Johnny Hughes
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I would assume (and I know it's not good to do that!) that the updates and patches that are pushed out through the repos are something not to be ignored,....so why would the severity of one be that big an issue?....(and I'm just curious...not trying to start a war!..LoL!)
EGO II