[CentOS] why not have yum-updatesd running by default?

Wed Dec 28 09:51:43 UTC 2011
Fajar Priyanto <fajarpri at arinet.org>

On Wed, Dec 28, 2011 at 4:04 PM, Bennett Haselton <bennett at peacefire.org> wrote:
> Power users can always change it if they want; the question is what would
> be better for the vast majority of users who don't change defaults.  In
> that case it would seem better to have updates on, so that they'll get
> patched if an exploit is released but a patch is available.
> If the risk is that a buggy update might crash the machine, then that has
> to be weighed against the possibility of *not* getting updates, and getting
> hacked as a result -- usually the latter being worse.

IMHO, the risk of applying patches blindly outweight the benefit of
automatic update.
Yum-updatesd would not only fixes security bug, but also other things
that may not be good for our system.
Consider a database server that got automatically updated and the
sysadmin is so contemplate that it's only after a month or so he
realized the update have caused a corruption in the database. I don't
think his boss would be happy.

If a sysadmin is concern of the security of the servers, he should
subscribe to security advisory mailing list and do any required update
in time.
Laziness is not an excuse. Anyway, should he decides, he can always
easily activate the automatic updates.