[CentOS] Re: tzdata update, but no announcement?

Thu Mar 29 02:32:21 UTC 2007
Matthew Miller <mattdm at mattdm.org>

On Thu, Mar 29, 2007 at 09:51:38AM +0800, John Summerfield wrote:
> >As long as the sysop doesn't depend on announcements to do updates, it
> >shouldn't matter. You can always cron yum check-update, and read the cron
> >mail.
> As far as I can tell, RH does not announce all updates to RHEL4.

Yeah, annoying. My guess is that it's to prevent updates like timezone data
changes from getting counted as security bug fixes in statistics made by
clueless analyst report firms.

> btw I just discovered my FC6 test system busily trying to update itself, 
> without my consent.

Yes, thank goodness. Updates are essential. There's two cases: informed,
active sysadmin; vs. not paying attention.

With updates off by default, the informed sysadmin may or may not turn them
on -- but they're the case which is most likely to apply security updates
quickly when needed. The other case ends up with no updates. This issue
affects the rest of us in the form of botnets and spam.

Updates automatically = if you don't like it, you can turn 'em off. If you
don't care, you've got a minimal level of protection.

> My consent would certainly be withheld, there's no way I can track FC 
> updates through a modem, especially with all the stuff I do want.
> FC6 may well find itself replaced with Debian.

I think you'll find the current popular fanboy "ooh I'm going to leave
threat distribution to be Ubuntu". Two years ago, Gentoo, but apparently
that's passé now.

Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>