> > > - my second solution was to do exactly what MandrakeUpdate is doing, just simpler
> > > (aka assuming one wants to update everything).
> > I missed that one.
> Here it is: ftp://ftp.mandrakesoft.com/pub/pixel/mdk-update.pl
> > > These 2 are so simple that i can't see what needs to be done!
> > So write a tool and put into the distro. Make sure it can efficiently
> > and reliably (deal with old and new dependancies, etc.) update the O/S
> > even if run every hour.
> The pb is i don't know if we're ready for automatic updates. I'm no security guy
> for sure!
This is a good point, and security is not the only issue. Several people
on this list have reported that some system daemons (bind was one, IIRC)
removed their entries in /etc/rc.d/rc*.d/ on an update. Sure, this
*shouldn't* have happened, but when you do a manual update you at least
have a chance of spotting it. There is also the issue of config file
syntax changes - the .rpmorig and .rpmnew files that tend to appear when
upgrading Samba, for example.
For updating a single-user, desktop machine, the GUI MandrakeUpdate is
probably all that is required. For updating a large production network of
machines, I prefer to use the method:
Keep an updated local mirror of the 7.2 tree (or only selected packages,
if bandwidth is an issue - the first part of Pixel's mdk-update.pl script
will do nicely for this).
Perform upgrades manually on one machine, and check (as far as possible)
that they have worked and not caused any nasty side-effects. Create short
shell scripts if necessary to fix any problems.
Once satisfied, mirror the shell scripts and selected RPMS to all
production servers and run an update script on each (i.e. rpm -Fvh *
followed by execing all extra shell scripts).
I wouldn't trust a fully automated update routine on production
machines; it's just too easy for little problems to creep in.
2p
Michael
