[CentOS] Is this right? -- Centos 6 and RHEL 6 infrastrure for continuous update/upgrade

Johnny Hughes johnny at centos.org
Sat Feb 9 10:58:01 UTC 2013


On 02/08/2013 07:45 PM, Gelen James wrote:

<snip>
> supposed I installed with Centos 6.2 last year, and let's say Centos 6.4 comes out two months later and I have not updated a single package since initial installation until Centos 6.4 comes out (I am way too lazy :)

That would be extremely unfortunate ... because there are *VERY
IMPORTANT* security updates that come out between point releases. 

There are 2 classes of these updates (Critical and Important) that
should be applied ASAP after release to prevent root access by
unauthorized users.  It is extremely important to maintain Internet
facing machines updated with security updates.  There are 2 less severe
security updates (Moderate and Low) that should also be installed, but
are not as critical ... and there are also bugfix and enhancement
updates that are a convenience, but likely not required.

Machines get rooted if security updates are skipped ... don't do it.

Our CentOS Announce list has "Topics" that split those announcements so
you can minimize the traffice you get.  One "topic" is "Security
Updates" ... utilizing that and the Daily Digest feature, you can get
one e-mail (only on days when we do a security release) to get minimum
contact for only important announcements.  Please use it.

To understand how Red Hat rates "Severity" ... please review this:

https://access.redhat.com/security/updates/classification/

Here is also some good reading concerning security metrics:

http://www.redhat.com/security/data/metrics/

Stay updated !!!

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130209/df461c38/attachment.sig>


More information about the CentOS mailing list