On Mon, Nov 21, 2011 at 5:50 PM, Stephen Walsh <steve at nerdvana.org.au> wrote: > On 11/22/2011 10:43 AM, Tom Sorensen wrote: >> FSVO risk, sure. Except that upstream recommends this all the time >> when troubleshooting customer systesms. > > >> IOW, the risk is exceptionally small. > > With a nice support contract and an army of willing RH engineers on the > other end of a phone, yes, the risk is small. And you are running the same code... > For $Johnny_webhost, who takes his daily income from his business, and > can't afford the above mentioned support on his rack full of EL boxes > (which is why he uses centos), he needs to balance the risk of losing > customers due a security incident vs running a full up to date and > stable system with a mix of current and upcoming release packages, and > all with the knowledge in his head and what he can get from the main > centos list (most of which last time I looked appeared to be a > conversation about why you should use ubuntu over centos). > > The Lowest Common Denominator is the one we need to think about here. > The end user that wants EL stability and security, but can't afford to > spend the money on upstream subscriptions. The question is whether this person would be better off getting security updates that were built post-minor-rev-update or not in a default 'yum update'. It's a yes or no question, where recommending doing one thing and making the default something else doesn't make a lot of sense. With/without the CR approach, the non-security related updates are going to come along for the ride, and you will probably want them anyway. -- Les Mikesell lesmikesell at gmail.com