On 8 Feb 2006, at 09:43, JP Carballo wrote:

Alex Barnes wrote:

I think the "once it's working, leave it alone" advice is very sound
indeed :)


A similar rule says "If it ain't broke, don't fix it."

Until you realize some script kiddie has exploited another Apache/mod_ssl bug and is now remote-controlling your box.

There are no hard and fast recipes here. Neither the "automatically apply any and all updates" nor the "build and never look at it again" policies should be applied without taking the specific situation into account.

If your box is on the internet you simply cannot forgo updates. Period. If your box is completely walled off from the internet you can be lax about it (unless you have to worry about attacks from the inside).

The best policy is probably one that is halfway between the two. There are packages you only ever want to update "under parental supervision", like kernels. Then there are packages where you want to grab any update you can get ASAP, like Apache, or PHP, or SSH. Yum allows you to express this in its configuration: you can exclude packages from the automatic update.

I personally run a nightly script that uses yum to determine if there are updates. I apply them by hand. However, this is only feasible because it runs on just two machines.

jens
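
An added example, not part of the message above and not the poster's own script: a nightly check in the spirit of the policy described, which parses `yum check-update` output and sorts pending updates into hand-applied, apply-ASAP and routine groups. The package patterns, function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Companion to an "exclude=kernel*" line in the [main] section of
# /etc/yum.conf, which keeps kernels out of any automatic update run.

# classify NAME -> supervised | urgent | routine
# Patterns are assumptions based on the packages named in the message.
classify() {
    case "$1" in
        kernel*)                      echo supervised ;;  # update by hand only
        httpd*|mod_ssl*|php*|openssh*) echo urgent ;;     # network-facing
        *)                            echo routine ;;
    esac
}

# report: read "yum check-update" output on stdin and print
# "<class> <package> <version>" for every pending update.
report() {
    awk '/^Obsoleting Packages/ { exit }
         # package lines look like: name.arch  version  repo
         NF == 3 && $1 ~ /\.[A-Za-z0-9_]+$/ {
             sub(/\.[^.]+$/, "", $1); print $1, $2
         }' |
    while read -r name ver; do
        echo "$(classify "$name") $name $ver"
    done
}

# nightly: yum check-update exits 100 when updates are pending,
# 0 when there are none, and 1 on error.
nightly() {
    out=$(yum -q check-update); rc=$?
    case $rc in
        0)   return 0 ;;
        100) printf '%s\n' "$out" | report | sort ;;
        *)   echo "yum check-update failed (rc=$rc)" >&2; return 1 ;;
    esac
}

# Constructed sample of check-update output (not from a real host).
SAMPLE='Setting up repositories

httpd.i386     2.0-2    update
kernel.i686    2.6-1    update
php.i386       4.3-3    update
zlib.i386      1.2-1    update'

if [ "${1:-}" = "--run" ]; then nightly; fi
```

Run with `--run` from cron and mail the output; lines starting with `urgent` are the ones to apply first, `supervised` ones wait for a maintenance window.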
