On Thu, Mar 29, 2007 at 09:51:38AM +0800, John Summerfield wrote: > >As long as the sysop doesn't depend on announcements to do updates, it > >shouldn't matter. You can always cron yum check-update, and read the cron > >mail. > As far as I can tell, RH does not announce all updates to RHEL4. Yeah, annoying. My guess is that it's to prevent updates like timezone data changes from getting counted as security bug fixes in statistics made by clueless analyst report firms. > btw I just discovered my FC6 test system busily trying to update itself, > without my consent. Yes, thank goodness. Updates are essential. There's two cases: informed, active sysadmin; vs. not paying attention. With updates off by default, the informed sysadmin may or may not turn them on -- but they're the case which is most likely to apply security updates quickly when needed. The other case ends up with no updates. This issue affects the rest of us in the form of botnets and spam. Updates automatically = if you don't like it, you can turn 'em off. If you don't care, you've got a minimal level of protection. > My consent would certainly be withheld, there's no way I can track FC > updates through a modem, especially with all the stuff I do want. > FC6 may well find itself replaced with Debian. I think you'll find the current popular fanboy "ooh I'm going to leave threat distribution to be Ubuntu". Two years ago, Gentoo, but apparently that's passé now. -- Matthew Miller mattdm at mattdm.org <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>