On Thu, 21 Jul 2005, Michael A. Peters wrote: > On Thu, 2005-07-21 at 09:09 -0700, Frank Liu wrote: > > Hi there, > > > > I have two major issues (system won't boot) after the nightly yum > > auto update, caused by the "new" selinux and kernel. > > I am not blaming the team for bad QA, but I just want to know > > from the list that > > is it still a good idea to enable the nightly auto update? or is > > it better to do it manually? > > Another solution would be to have a hybrid of the two. The reason > > I wanted auto update is so I won't miss a critical security fix. > > This definitely needs to be installed in a timely manner. But > > for other non security related updates, we can wait to do it manually, > > with a scheduled window. In order for this "hybrid" to work, > > all updates need to be tagged with "security" or "non-security" related. > > or maybe tagged with "emergency" or "normal". Then the nightly > > yum update can have a flag to do "all" updates, or just "emergency/security" > > updates. > > > > Thoughts? > > you can specify exludes in /etc/yum.conf > All your other packages will be updated. > > I exclude kernel in mine, and don't update it until it has been out a > little while, kernel panic etc. related to my hardware would probably be > reported on the list. > Yes, excluding kernel will solve one problem. But things like "selinux-policy-targeted" causes problem lately too. I know I can manually exclude this and that, but I am wondering if it is possible to include a "tag" in the updates so that we can auto update those emergency fixes, while wait to schedule for non-emergency updates. Frank
