Lanny Marcus wrote: > On 8/13/09, madunix <madunix at gmail.com> wrote: >> Can any one clarify this, is auto updating at all production servers >> recommended or not? >> need to know your opinion, how do you manage the update? > > The NSA Guide to the Secure Configuration of RHEL 5 indicates this is > OK, but not with updatesd which they believe is not mature enough for > an enterprise environment and may introduce unnecessary overhead. They > suggest a cron job that calls yum to do this. > I build a bunch of these updates and test most of the ones I don't build before we release them ... and I STILL don't auto update servers in production. I may be a bit cautious, but I can't imagine I would ever set any production server, in any OS, to every update automatically. If I was ever going to do it, CentOS would be the OS ... but with my job on the line I'll just do the updates by hand and watch the output :D We do auto update all our CentOS Infrastructure servers via cron and they hardly ever have issues. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20090813/93a41a51/attachment-0005.sig>