The 'E' in CentOS stands for Enterprise. Enterprises use change control. Servers do not update themselves whenever they see an update. Updates are tested (not so much), approved and scheduled, hopefully in line with a maintenance window. In most enterprises that I've been in, a server can't even contact the default repo servers. And remember that for a RHEL server, it has to be registered with RHN before it can officially receive updates. Defaulting yum-updatesd to on will be a no-op in almost every 'enterprise' case. Enterprises also don't hang servers directly off the Internet. There are many layers betwixt the wild web and the OS. In the decade plus that I've been running RHEL, I've seen 1 update that was worthy of an emergency change to push it out RIGHT NOW to the servers. And even that one didn't really need to be done. ---------------------------------------------------------------------- Jim Wildman, CISSP, RHCE jim at rossberry.com http://www.rossberry.net "Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine