On 4/6/2011 1:35 PM, email builder wrote:
Hello,
As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.
That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.
On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
A middle-of-the-road approach is to have a machine or VM where you can test things, perhaps the one you use as your own desktop or for development, where you have all the packages installed that the other systems use. You can 'yum update' this one frequently, noting what packages are affected and that everything still works after a reboot (for things where that might make a difference). Then if you have the yum-downloadonly package installed on the machines that need babysitting, you can 'ssh yum -y --downloadonly update' on them ahead of time so you don't have to wait for the packages when you you are ready to do the update (via ssh or not). It is extremely rare for an update on RHEL or Centos to break anything since the whole point of an 'enterprise' distribution is not change things in ways that will break previously working applications, but it is still always a possibility.