> >> Is the only reasonable solution to schedule a "human cron" once a week >to look > >> at needed updates? Ouch. > > > > A middle-of-the-road approach is to have a machine or VM where you can > > test things, perhaps the one you use as your own desktop or for > > development, where you have all the packages installed that the other > > systems use. You can 'yum update' this one frequently, noting what > > packages are affected and that everything still works after a reboot > > (for things where that might make a difference). > > I use a VM set up this way with the following crontab: > > # check for yum updates every 12 hours > 5 0,12 * * * root /usr/bin/yum -q check-update 2>/dev/null > > so I get an email whenever there's any updates due. I can then > evaluate, test, and (perhaps) schedule a time to manually update the > production servers. The yum-updatesd package does all of this. Its config file is pretty simple and has your choice of whether to download, whether to install, and where updates should go.