On Mon, 7 Nov 2005, John Jolet wrote:

> At the risk of adding to the flames here, perhaps an example is in
> order.... I once worked as a sysadmin for a guy who firmly believed in
> security. To prevent any security holes from lingering, he did an apt-get
> update out of cron every Friday night....on production servers (we were
> running Debian). The instance of us having to spend Monday fixing what broke
> Friday was about 10%. Unacceptable on a server. I don't even do that on my
> test systems.

I can understand the paranoia of having your servers hacked but there is usually a middle ground that works reasonably well. I run a script nightly via cron but all it does is do a portage sync and then *prebuild* binary packages for any important updates before sending an email in the morning. I have to apply the updates manually but this gives you a chance to test and/or rollback if need be. The only downside is that manual intervention is required - can't have everything I suppose.
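
A sketch of the kind of nightly job the reply above describes, added here as an example and not the poster's actual script. It assumes the `world` set stands in for "important updates", a working `mail(1)`, and a hypothetical `ADMIN` recipient and `--run` argument.

```shell
#!/bin/sh
# Added example: nightly "stage, do not apply" update job for a Gentoo host.
# Assumed values: ADMIN recipient, the "world" set, and a working mail(1).
ADMIN="${ADMIN:-root}"

stage_updates() {
    log=$(mktemp) || return 2

    # Refresh the tree; return non-zero to cron if the sync fails.
    emerge --sync --quiet >"$log" 2>&1 || { rm -f "$log"; return 2; }

    # Dry run only: list what an update would touch.
    pending=$(emerge --pretend --update --deep --quiet world 2>>"$log") ||
        { rm -f "$log"; return 2; }
    if [ -z "$pending" ]; then
        rm -f "$log"
        return 0                      # nothing pending, no mail
    fi

    # --buildpkgonly writes binary packages to PKGDIR and merges nothing.
    # It needs build-time dependencies to be installed already, so a failure
    # here is reported in the mail instead of being treated as fatal.
    if emerge --update --deep --buildpkgonly --quiet world >>"$log" 2>&1; then
        status="binary packages built"
    else
        status="BUILD FAILED, see log below"
    fi

    {
        echo "Status: $status"
        echo "Pending updates (NOT installed):"
        echo "$pending"
        echo
        echo "After testing, install by hand from the prebuilt packages:"
        echo "  emerge --update --deep --usepkgonly world"
        echo
        echo "--- build log ---"
        cat "$log"
    } | mail -s "[$(uname -n)] staged updates: $status" "$ADMIN"
    rm -f "$log"
}

# Run only when called as: script --run (e.g. from a nightly cron entry).
if [ "${1:-}" = "--run" ]; then
    stage_updates
fi
```

Keeping the previous binary packages in PKGDIR is what makes the rollback mentioned in the reply practical, since an older version can be reinstalled without rebuilding.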

