On Wed, Feb 10, 2016 at 11:36 AM, George Dunlap <dunlapg at umich.edu> wrote: > > As for my own opinion: I can see both sides of the story, and as a > package maintainer I'd be willing to do either one. Is 4.4 going to receive regular security fixes? Would a yum update to 4.6 work without downtime? By downtime I specifically mean the VMs that are currently running continue to run as expected and management of xen isn't broken, it just requires different tools. If the first answer is yes, I prefer separate packages. If the second answer is no, I prefer separate packages. If the answers are no and yes respectively, then I would prefer yum update. If the answers are both no, then a simple yum update gets dicey. First you have different opinions on which method is the least surprise, but also you have potential PR backlash. Would the centos project as a whole and the sig in particular want to be seen as responsible for definite downtime (if 4.6 automatically comes via yum update) or for having known vulnerable packages? The latter can more easily be seen as the admin's responsibility, IMO. Either way, I would suggest a wiki with a cheat sheet of common commands old vs. new.