[CentOS] Is this right? -- Centos 6 and RHEL 6 infrastructure for continuous update/upgrade

Sat Feb 9 21:25:19 UTC 2013
Eddie G. O'Connor Jr. <eoconnor25 at gmail.com>

On 02/09/2013 05:58 AM, Johnny Hughes wrote:
> On 02/08/2013 07:45 PM, Gelen James wrote:
>
> <snip>
>> suppose I installed with CentOS 6.2 last year, and let's say CentOS 6.4 comes out two months later and I have not updated a single package since initial installation until CentOS 6.4 comes out (I am way too lazy :)
> That would be extremely unfortunate ... because there are *VERY
> IMPORTANT* security updates that come out between point releases.
>
> There are 2 classes of these updates (Critical and Important) that
> should be applied ASAP after release to prevent root access by
> unauthorized users.  It is extremely important to maintain Internet
> facing machines updated with security updates.  There are 2 less severe
> security updates (Moderate and Low) that should also be installed, but
> are not as critical ... and there are also bugfix and enhancement
> updates that are a convenience, but likely not required.
>
> Machines get rooted if security updates are skipped ... don't do it.
>
> Our CentOS Announce list has "Topics" that split those announcements so
> you can minimize the traffic you get.  One "topic" is "Security
> Updates" ... utilizing that and the Daily Digest feature, you can get
> one e-mail (only on days when we do a security release) to get minimum
> contact for only important announcements.  Please use it.
>
> To understand how Red Hat rates "Severity" ... please review this:
>
> https://access.redhat.com/security/updates/classification/
>
> Here is also some good reading concerning security metrics:
>
> http://www.redhat.com/security/data/metrics/
>
> Stay updated !!!
>
> Thanks,
> Johnny Hughes
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
I would assume (and I know it's not good to do that!) that the updates 
and patches that are pushed out through the repos are something not to 
be ignored,....so why would the severity of one be that big an 
issue?....(and I'm just curious...not trying to start a war!..LoL!)


EGO II