- At what point does a third party app get rolled into the production repository (not sure if I said that correctly)? Example: At what point is it OK for the OS maintainers to adopt a newer version of PHP, MySQL, Apache, etc.?
This is completely up to the admin. Some are forced to adopt newer packages because of feature/function requirements. I would say 'when you trust it to be stable, and not eat your data' followed by 'after very rigorous testing'.
- I have read mixed opinions with how to install a database server. Some articles say install it via YUM for compatibility purposes, while others say install it from a tarball or source to ensure other packages do not try to upgrade and break the database. What are your thoughts? I plan on running a web server farm for a CMS/DB that needs to have a five 9 uptime.
This is the concept of an enterprise-level distribution. If you build from source, you have no method of knowing what files come from which package, or how they're linked, without doing extensive digging. Using a package manager such as yum and rpm, you're quickly able to see these details and perform file audits to see if things have been modified, removed, etc. since install.
With source, you're on your own for staying on top of security updates, patches, bugs, etc., not only for every package individually, but also in how the packages operate together as a unit. With a package-based distro, you don't have to worry about this. The concern becomes 'what changes with the new package', and in CentOS (with very few exceptions) the answer is NOTHING. This is why security fixes and bug patches are backported to current versions instead of replacing them with the 'latest and greatest'. The bug gets fixed, but your operation never changes.
Now, 5 9's is basically PHB-speak for "We want bragging rights", and is fairly unrealistic unless you're setting up a server farm and clustered services. You will need to test every update before you roll it out, and you'll have other work that you need to do.
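
The file audit mentioned in the reply above corresponds to rpm's verify mode (`rpm -Va`). The following is an added example, not part of the original post: a shell filter that triages that output by what changed. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Each `rpm -Va` line is: a result column (S=size M=mode 5=digest D=device
# L=symlink U=user G=group T=mtime P=capabilities, "." = unchanged), an
# optional file-type marker (c=config d=doc g=ghost l=license r=readme),
# then the path. Files removed since install are reported as "missing".

triage_rpm_verify() {
  awk '
    {
      flags = $1
      rest = $0
      sub(/^[^ ]+ +/, "", rest)              # drop the result column
      type = "-"
      if (rest ~ /^[cdglr] +\//) {           # optional file-type marker
        type = substr(rest, 1, 1)
        sub(/^[cdglr] +/, "", rest)
      }
      if (flags == "missing")                      label = "MISSING"
      else if (flags !~ /^[SM5DLUGTP.?]+$/)        next   # not a verify line
      else if (index(flags, "5") && type == "c")   label = "CONFIG-EDIT"
      else if (index(flags, "5"))                  label = "CONTENT"
      else if (flags ~ /[MUG]/)                    label = "PERMS"
      else                                         next   # e.g. mtime only
      print label "\t" rest
    }'
}

# Constructed sample of `rpm -Va` output (not captured from a real host).
sample_verify_output() {
  cat <<'EOF'
S.5....T.  c /etc/httpd/conf/httpd.conf
..5....T.    /usr/sbin/httpd
.M.......    /var/lib/mysql
missing      /usr/lib64/php/modules/json.so
.......T.  d /usr/share/doc/php/README
EOF
}

# Demo on the sample; on a real host use: rpm -Va | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

A `CONTENT` line (digest changed on a non-config file) is the one to investigate first; `rpm -qf <path>` names the package that owns the file.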