From: Peter Arremann
This is a question for you guys out there that have a bunch of similarly configured systems out there... How do you handle your updates? I do not mean the technical level, but from the logistics. No updates? Just run yum by cron and grab the latest off the web and trust the developers that it works? Deploy only certain packages automatically (i.e. omit kernel updates)? Run your own yum/apt/up2date/whatever repos?
Unless there are only 2-3 systems, the last option. I _always_ maintain an internal repository that goes through its own "enterprise release." One test system always gets the task of regression testing a new set of updates before it hits production. High security rollouts happen ASAP, other rollouts are far less pressured.
For only 2-3 systems, I still have a test system, but it's cheap and its hardware does not match production. So I test on one production as long as I can before upgrading all.
If I had a huge client base, I'd just maintain my own repository on the Internet with my releases they feed from. So far, my clients have always had their own resources to maintain the repository and procedures after I set it up and left.