[CentOS] More questions about patch management

Mon Jan 30 12:30:16 UTC 2006
Johnny Hughes <mailing-lists at hughesjr.com>

On Mon, 2006-01-30 at 05:33 -0500, Jim Wildman wrote:
> On Sun, 29 Jan 2006, Steve Bergman wrote:
> > Say I want to apply security patches automatically on a nightly basis.
> > But when the push from 4.2 to 4.3 comes around, I want to defer that for
> > when I can do it manually.
> > 
> > Is that possible? (Preferably with yum, but I would use up2date if that
> > were necessary.)
> > 
> It is if you maintain an internal repository (which if you have a lot of
> machines is a good idea anyway).  

Exactly :)

> You mirror the centos update tree into
> one repository and copy them into your internal 'production ready' tree
> when you are ready.  This allows you to set your boxes for automatic
> updates, but manage the volume of updates applied.  With a little
> thought on the repo setups, you could even have separate repos for
> different machines or types of machines (yum follows symlinks just
> fine).

If you want to control what updates get applied and do it automatically,
create a local yum repo for your machines and only put stuff you have
tested in there.

You can have a desktop and server repo, or any number of other things :)
Everyone else's comments concerning the point releases (or update sets)
are true as well ... and the FAQ in Karanbir's post explains what that is
about, as does this slide by IBM:


(CentOS-4.3 is EL4 update 3 ... CentOS-3.6 is EL3 update 6)

If one has the upstream EL3 update 2 installed and then runs up2date ...
RHN updates them to all the latest updates.  This would be exactly the
same thing that happens for CentOS when running yum.
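
The promotion step described in this thread (copy packages from the updates mirror into a tested 'production ready' tree that clients update from), as an added example that is not part of the original message. The function name, the approved-list file format, and the `VERIFY_CMD` and `REPO_CMD` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): promote tested packages from
# an updates mirror into the tree that the clients' yum configs point at.
# Hypothetical usage: promote /srv/mirror/updates /srv/repo/production approved.txt

# Check run on each package before promotion. rpm -K (--checksig) verifies
# digests and GPG signatures against the keys imported into the rpm database.
VERIFY_CMD=${VERIFY_CMD:-"rpm -K"}
# Tool that rebuilds the repodata/ directory yum reads.
REPO_CMD=${REPO_CMD:-createrepo}

# promote MIRROR_DIR PROD_DIR APPROVED_LIST
# APPROVED_LIST holds one RPM file name per line; blank lines and lines
# starting with '#' are ignored. Returns 0 only if every listed package
# was verified and copied and the metadata was rebuilt.
promote() {
    mirror=$1; prod=$2; list=$3; rc=0
    mkdir -p "$prod" || return 1
    while IFS= read -r pkg || [ -n "$pkg" ]; do
        case $pkg in ''|'#'*) continue ;; esac
        # Accept plain file names only, so a list entry cannot escape the mirror.
        case $pkg in
            */*|.*) echo "rejected name: $pkg" >&2; rc=1; continue ;;
        esac
        src=$mirror/$pkg
        if [ ! -f "$src" ]; then
            echo "not in mirror: $pkg" >&2; rc=1; continue
        fi
        # Unquoted on purpose: VERIFY_CMD is a command plus its options.
        if ! $VERIFY_CMD "$src" >/dev/null 2>&1; then
            echo "signature check failed: $pkg" >&2; rc=1; continue
        fi
        # Copy under a temporary name, then rename, so a client running yum
        # during promotion never sees a partially written package.
        cp -p "$src" "$prod/.$pkg.tmp" && mv "$prod/.$pkg.tmp" "$prod/$pkg" || rc=1
    done < "$list"
    if command -v "$REPO_CMD" >/dev/null 2>&1; then
        "$REPO_CMD" "$prod" >/dev/null || rc=1
    else
        echo "$REPO_CMD not found, metadata not rebuilt" >&2; rc=1
    fi
    return $rc
}
```

Packages in the mirror that are not on the approved list, such as a new point release, stay out of the production tree until they are added to the list.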