[CentOS] Auto-updates -- Bad Idea?

Thu Apr 7 03:25:48 UTC 2011
Robert Heller <heller at deepsoft.com>

At Wed, 6 Apr 2011 17:08:55 -0700 (PDT) CentOS mailing list <centos at centos.org> wrote:

> ----- Original Message ----
> > From: Robert Heller <heller at deepsoft.com>
> > To: CentOS mailing list <centos at centos.org>
> > Cc: centos at centos.org
> > Sent: Wed, April 6, 2011 11:58:46 AM
> > Subject: Re: [CentOS] Auto-updates -- Bad Idea?
> > 
> > At Wed, 6 Apr 2011 11:35:47 -0700 (PDT) CentOS mailing list <centos at centos.org> wrote:
> > 
> > > Hello,
> > > 
> > > As I've learned recently, I do not have any auto updates configured on my
> > > system.  I see some posts on the web encouraging the use of "yum-cron", but
> > > I'd like to know what people feel about the use of automatic updates.
> > > 
> > > That is, for a server (non-desktop) system, automatic updates could break
> > > things or have other unforeseen consequences, and that could happen at the
> > > worst of times, since the process runs regularly.
> > > 
> > > On the other hand, for small businesses without highly trained sysadmins or
> > > ones with enough time to baby their servers, missing critical updates to,
> > > say openssl or some other mission-critical package could spell disaster.
> > > 
> > > Is the only reasonable solution to schedule a "human cron" once a week to
> > > look at needed updates?  Ouch.
> > 
> > I use the "human cron" option.  It might make some sense to use
> > "yum-cron", but the ideal way that would work best would be if the
> > machines using "yum-cron" were tied to a local repo that contains only
> > tested updates -- that is, there would be developmental / test systems
> > getting manually updated and then the updates would be tested.  Once the
> > updates have passed a QA process, they would be pushed to the internal /
> > local repo, where they would be automagically picked up by "yum-cron".
> > This covers both worlds: avoiding an automagical disaster AND automating
> > updates across a pile of machines without a lot of manual labor.
> > 
> > For a small shop, just doing manual updates is probably best.  Generally,
> > basic CentOS updates are unlikely to cause problems, unless there is
> > odd (non-standard) hardware and/or odd software involved, so for many
> > people a (blind) yum-cron might actually work just fine.  It just
> > depends on how much of a disaster a machine brought down by an update
> > that happens to break something is.
> 
> Thanks for taking the time to answer.  This seems to be the consensus of all 
> those who answered, and that was my hunch, so that it is.  Too bad those posting 
> instructions for yum-cron on their blogs don't talk about these issues, but they 
> are likely desktop users I suppose.

And/or small shops with very 'vanilla' systems: no specialized hardware
or software.  And are not mission critical -- e.g. the occasional day of
downtime is not a total disaster -- maybe some lost sales maybe.

> 
> Thanks again

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments
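
The "tested updates only" local repo described in this thread, sketched as an added example that is not part of the original messages or of any CentOS tooling: packages move from a staging directory into the repo that yum-cron clients read only if QA listed them, with a matching SHA-256, in a manifest. The function name `promote_approved`, the `CREATEREPO` override, the directory layout and the manifest format are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical names: promote_approved, CREATEREPO, and the
# directory/manifest layout. The manifest is written by QA after testing, one
# "<sha256>  <file>.rpm" line per approved package (sha256sum text format).
promote_approved() {
    staging=$1 prod=$2 manifest=$3 promoted=0
    tool=${CREATEREPO:-createrepo}   # metadata builder; override for dry runs

    # Pass 1: verify every entry before touching the repo yum-cron reads.
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac          # blanks, comments
        case $name in ''|*/*)                             # bare names only
            echo "reject: bad file name '$name'" >&2; return 1 ;;
        esac
        [ -f "$staging/$name" ] ||
            { echo "reject: $name not in staging" >&2; return 1; }
        have=$(sha256sum "$staging/$name" | cut -d' ' -f1)
        [ "$have" = "$want" ] ||
            { echo "reject: $name differs from what QA tested" >&2; return 1; }
    done < "$manifest"

    # Pass 2: copy approved packages; write to a temp name, then rename, so
    # a client never sees a half-copied RPM.
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac
        cp -p "$staging/$name" "$prod/.$name.tmp" &&
            mv "$prod/.$name.tmp" "$prod/$name" || return 1
        promoted=$((promoted + 1))
    done < "$manifest"

    # Rebuild repo metadata so clients pick up the promoted packages.
    if [ "$promoted" -gt 0 ] && command -v "$tool" >/dev/null 2>&1; then
        "$tool" --update "$prod" >/dev/null || return 1
    fi
    echo "$promoted"
}
```

Anything sitting in staging that QA did not list stays there, and a package that changed after it was tested stops the whole promotion before anything is copied.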