On Tue, Nov 8, 2016 at 12:10 PM, John R Pierce <pierce at hogranch.com> wrote: > On 11/8/2016 9:28 AM, Dipal Bhatt wrote: > >> Unfortunately, that's the constraint it seems hence, there's inquiry of >> other options. But, looks like, any el6 package should work as long as we >> meet the dependencies? >> > > mixing current 6.8 packages with very old 6.3 packages and libraries is a > recipe for problems. these combinations are simply untested. If > you're willing to do such testing, go for it. be sure to regression test > all the corner cases of the specific packages. One thing that would > help significantly would be to uninstall all packages you don't actually > need for these systems. I always start with 'minimal', and install just > the packages my application stack needs. That is a standard policy of > security benchmarks such as CIS [1]. > > how could someone deploy 1000s of computer systems in the field without a > plan for regular security updates?!? that would be somewhat analogous to > buying a fleet of airplanes without any plan or provisions for scheduled > maintenance. > > Yes, will pass on these excellent suggestions to my friend, but agreed with your analogy as well as concerns around security issues for such a large deployment, it seems. Thanks all.