[CentOS] Auto-updates -- Bad Idea?

Thu Apr 7 00:08:55 UTC 2011
email builder <emailbuilder88 at yahoo.com>




----- Original Message ----
> From: Robert Heller <heller at deepsoft.com>
> To: CentOS mailing list <centos at centos.org>
> Cc: centos at centos.org
> Sent: Wed, April 6, 2011 11:58:46 AM
> Subject: Re: [CentOS] Auto-updates -- Bad Idea?
> 
> At Wed, 6 Apr 2011 11:35:47 -0700 (PDT) CentOS mailing list <centos at centos.org> 
>wrote:
> 
> > 
> > Hello,
> > 
> >   As I've learned recently, I do not have  any auto updates configured on my 

> > system.  I see some posts on the  web encouraging the use of "yum-cron", but 
>I'd 
>
> > like to know what people  feel about the use of automatic updates.
> > 
> >   That is, for a  server (non-desktop) system, automatic updates could break 

> > things or  have other unforeseen consequences, and that could happen at the 
>worst 
>
> >  of times, since the process runs regularly.
> > 
> >   On the other  hand, for small businesses without highly trained sysadmins 
>or 
>
> > ones  with enough time to baby their servers, missing critical updates to, 
>say 
>
> > openssl or some other mission-critical package could spell  disaster.
> > 
> >   Is the only reasonable solution to schedule a  "human cron" once a week to 
>look 
>
> > at needed updates?   Ouch.
> 
> I use the  "human cron" option.  It might make some sense  to use
> "yum-cron", but the ideal way that would work best would be if  the
> machines using "yum-cron" were tied to a local repo that contains  only
> tested updates -- that is there would be developmental / test  systems
> getting manually updated and then the updates would be tested.   Once the
> updates have pased a QA process, they would be pushed to te internal  /
> local repo, where they would be automagically picked up by "yum-cron". 
> This covers both worlds: avoiding a automagical disaster AND  automating
> updates across a pile of machines without a lot of manual  labor.
> 
> For small shop, just doing manual updates is probably best.  Generally,
> basic CentOS updates are unlikely to cause problems, unless there  is
> odd (non-standard) q hardware and/or odd software involved, so for  many
> people a (blind) yum-cron might actually work just fine.  It  just
> depends on how much of a disaster a machine brought down by a  update
> that happens to break something. 

Thanks for taking the time to answer.  This seems to be the consensus of all 
those who answered, and that was my hunch, so that it is.  Too bad those posting 
instructions for yum-cron on their blogs don't talk about these issues, but they 
are likely desktop users I suppose.

Thanks again