[CentOS] Auto-updates -- Bad Idea?
Robert Heller
heller at deepsoft.com
Thu Apr 7 03:25:48 UTC 2011
At Wed, 6 Apr 2011 17:08:55 -0700 (PDT) CentOS mailing list <centos at centos.org> wrote:
>
>
>
>
>
> ----- Original Message ----
> > From: Robert Heller <heller at deepsoft.com>
> > To: CentOS mailing list <centos at centos.org>
> > Cc: centos at centos.org
> > Sent: Wed, April 6, 2011 11:58:46 AM
> > Subject: Re: [CentOS] Auto-updates -- Bad Idea?
> >
> > At Wed, 6 Apr 2011 11:35:47 -0700 (PDT) CentOS mailing list <centos at centos.org>
> >wrote:
> >
> > >
> > > Hello,
> > >
> > > As I've learned recently, I do not have any auto updates configured on my
>
> > > system. I see some posts on the web encouraging the use of "yum-cron", but
> >I'd
> >
> > > like to know what people feel about the use of automatic updates.
> > >
> > > That is, for a server (non-desktop) system, automatic updates could break
>
> > > things or have other unforeseen consequences, and that could happen at the
> >worst
> >
> > > of times, since the process runs regularly.
> > >
> > > On the other hand, for small businesses without highly trained sysadmins
> >or
> >
> > > ones with enough time to baby their servers, missing critical updates to,
> >say
> >
> > > openssl or some other mission-critical package could spell disaster.
> > >
> > > Is the only reasonable solution to schedule a "human cron" once a week to
> >look
> >
> > > at needed updates? Ouch.
> >
> > I use the "human cron" option. It might make some sense to use
> > "yum-cron", but the ideal way that would work best would be if the
> > machines using "yum-cron" were tied to a local repo that contains only
> > tested updates -- that is there would be developmental / test systems
> > getting manually updated and then the updates would be tested. Once the
> > updates have pased a QA process, they would be pushed to te internal /
> > local repo, where they would be automagically picked up by "yum-cron".
> > This covers both worlds: avoiding a automagical disaster AND automating
> > updates across a pile of machines without a lot of manual labor.
> >
> > For small shop, just doing manual updates is probably best. Generally,
> > basic CentOS updates are unlikely to cause problems, unless there is
> > odd (non-standard) q hardware and/or odd software involved, so for many
> > people a (blind) yum-cron might actually work just fine. It just
> > depends on how much of a disaster a machine brought down by a update
> > that happens to break something.
>
> Thanks for taking the time to answer. This seems to be the consensus of all
> those who answered, and that was my hunch, so that it is. Too bad those posting
> instructions for yum-cron on their blogs don't talk about these issues, but they
> are likely desktop users I suppose.
And/or small shops with very 'vanila' systems: no specialized hardware
or software. And are not mission critical -- eg the occasional day of
downtime is not a total disaster -- maybe some lost sales maybe.
>
> Thanks again
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
--
Robert Heller -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
More information about the CentOS
mailing list