On Sat, 2005-11-26 at 07:47 +0800, John Summerfied wrote:
> That is plain stupidity. It is worse than securing your system sensibly
> and applying _no_ updates.
Applying security fixes as they are released is part of securing a
system sensibly.
> If you blindly apply updates as they appear, you will get a broken
> system, nothing surer.
Doing anything blindly is not a good approach. However, I have yet to
break a system by following this rule:
* On servers, which have a minimal set of packages installed (my
servers are usually single-trick ponies), I run automatic
updates.
* On workstations (with loads of multimedia, end-user, and whatnot
applications) I run yum daily to check for updates and then
apply them manually after assessing the risk that mplayer might
stop working, or something.
That said, I wish the yum metadata would contain information pointing
out security related updates. One could then go and just apply security
fixes and their dependencies.
> If you run yum daily to keep the system up2date and something breaks,
> you will have no idea whether something changed, what changed or when.
Not true, /var/log/yum.log.
Cheers
Steffen.
Attachment:
signature.asc
Description: This is a digitally signed message part
