On Wed, Dec 28, 2011 at 4:04 PM, Bennett Haselton <bennett at peacefire.org> wrote: > Power users can always change it if they want; the question is what would > be better for the vast majority of users who don't change defaults. In > that case it would seem better to have updates on, so that they'll get > patched if an exploit is released but a patch is available. > > If the risk is that a buggy update might crash the machine, then that has > to be weighed against the possibility of *not* getting updates, and getting > hacked as a result -- usually the latter being worse. IMHO, the risk of applying patches blindly outweight the benefit of automatic update. Yum-updatesd would not only fixes security bug, but also other things that may not be good for our system. Consider a database server that got automatically updated and the sysadmin is so contemplate that it's only after a month or so he realized the update have caused a corruption in the database. I don't think his boss would be happy. If a sysadmin is concern of the security of the servers, he should subscribe to security advisory mailing list and do any required update in time. Laziness is not an excuse. Anyway, should he decides, he can always easily activate the automatic updates.