Linux wrote:
People who prepare and maintain a distro have (and should have) many concerns in mind. Security is one of them and integrity is another. But in this situation, integrity is simply ignored (on the behalf of GFS situation because I backed down from my XFS related complains)
Disabling kernel upgrades simply solves the situation but raises some other questions about "What else can be broken with security apprehensions?"
I do not know which one to choose:
- Absolutely not-working server because of missing updates
- Maybe will be attacked server because of missing security updates.
specific to GFS... GFS is a clustered file system. You do NOT run automatic updates willy-nilly on a production cluster, there's just far too many ways it can go bad. You test them on a staging environment before approving their deployment, then you have to have a specific process for applying the patches to the cluster, and if they are major patches, this usually involves bringing the cluster down, applying the tested and approved patches to all cluster members, then bringing the cluster back up one node at a time, then going back live for production. If the patches are minor, you may be able to do a rolling upgrade, where you bring down one cluster member, patch it, put it back online, then bring down the next, etc... The cluster administrator have to determine the appropriate maintenance process, then follow it religiously.
btw, what is WITH all these lame gmail addresses? linuxlist ? centoslist ?? Do I call you Mr Linux, or Mr List ?