[CentOS] Advice on upgrading packages

[Craig White]

On Sun, 2006-03-26 at 13:51 +0700, Fajar Priyanto wrote:
> Hi all,
> Regarding packages updates using yum, all this time I only upgrade packages 
> that I think is important, but also at the same time is having little risk of 
> breaking my installation. Such as httpd, ssh, etc.
> 
> But there are many packages that waits to be updated such as lvm, mdadm, etc. 
> I'm worried that it will break my installation (web and mail server). Like 
> the saying "if it ain't broken, don't fix it".
> 
> Is there any pitfall that I should avoid of when upgrading packages using yum? 
> Or is it completely save to let yum update the machine automatically?
> Thank you very much,
----
One of the reasons that you choose one distribution over another would
have to be the quality of package maintenance and the timeliness of
updated packages both for functional fixes and security issues.

In one respect, CentOS 'base' has it easy, in that the source of the
updates is provided for them - they only have to rebuild it (not
intending to diminish the lengths that they go to to rebuild some of the
packages). The intention of the upstream provider and by extension,
CentOS is to provide updates that don't break production systems. Of
course, there are no guarantees. If you want guarantees...I suppose you
buy RHEL.

With specificity to your above worries...you should be greatly concerned
because the updates to the very things you mentioned...httpd, ssh
(probably some of the etc.) are 'security' updates and by failing to
update them, you are risking far more to your installation by not
updating them. The truth is...there are packages that are broke and do
need fixing but you are choosing to ignore that fact.

While I might suggest flippantly to live on the edge and just do 'yum
update' - the fact is, just about everyone on this list does that
frequently and some have it do that automatically/unattended. That is
the intended use (to frequently run 'yum update')

Craig