Hi, On an isolated network, updates are definitely a "if it ain't broke don't fix it" deal however the reality is this is a rarity these days. Something somewhere will have the Internet. Linux is pretty solid when it comes to problems by not updating but its not immune.
Rivendell uses MySQL and Apache which are fairly well known targets, heck even SSH versions have had problems. Its a balancing act to be honest, Internet facing machines should be updated asap in most cases but then internal LAN stuff can lag behind a bit with a good firewall and security practices. The important thing to realise is that out of date software was updated for a reason, usually in the case of MySQL and Apache there are at least a handful of security fixes in each update. The tricky part is figuring out what a broken/compromised system will cost you in terms of potentially losing data (or becoming a spam bot and having your emails blocked or having your web domain blocked by google search as your apache was compromised), then sitting and figuring out how much time it will take to keep it up to date all the time vs the likely hood that an update will break something. I'm not an authority on security by any stretch of the imagination but I've had a bad time dealing with being given spam bot status and losing email for 48hours as well as dealing with a nasty spreading Windows virus for 2 weeks and consider the keep stuff up to date mantra a lesson learned (and the lesser known all Windows anti-virus programs are a waste of time but you still need to use them). The only two pieces of advice I have is never update your production machines first and always have backups somewhere so that you can recover in a bad situation. If you're never going to update things, at least understand the good and bad points of doing so. Regards, Wayne -----Original Message----- From: [email protected] on behalf of Nathan Steele Sent: Wed 09/01/2013 17:30 To: User discussion about the Rivendell Radio Automation System Subject: Re: [RDD] updated to 2.3.0, lost ASI cards you should uncheck the other repositories in the add software menu to avoid it nagging you about "XX Updates availible" honestly if I were not using ASI cards I don't think I'd have any problems with the new kernel, though it's too soon to really say that for sure. my standard procedure in the past was to install from the appliance disk. do all updates, configure the system, test, turn off all repo's except paravel, and put into production. I was in the testing phase when rivendell 2.3.0 was released so decided to update, I noticed some other updates I thought I might want, and just did all the updates again, including the kernel update that broke the ASI driver. My current, production rivendell system has been running with no updates other than rivendell for about 2 years now Nathaniel C. Steele Assistant Chief Engineer/Technical Director WTRM-FM / TheCrossFM On 1/9/2013 12:20 PM, [email protected] wrote: > So what is the best plan then for building a new system like Nathan, using > the Broadcast Appliance CD? > > Once Rivendell has been installed, do not install all updates. > > Only update rivendell, 'yum install rivendell' at the command line? > > Will that properly update the system and not break anything else? > > Thanks, > > Todd > > > On Wed, 09 Jan 2013 12:01:08 -0500 > Nathan Steele <[email protected]> wrote: > >>> Another idea you can do to prevent this is to not upgrade the >>> kernel, but update everything else that needs updating... if it >>> ain't broke on your hardware, don't fix it. >> totally agreed, and once a system is in production, it gets updates >> turned off. should have paid more attention to what I was updating, >> but I'm still relatively new to 'Nix so it's a good lesson in the >> ramifications of a kernel update..... >> >> >>> Kernel modules are built using the current working kernel's source >>> tree, so it's by default installed to the current kernel version >>> kernel directory (i.e. /lib/modules/`uname -r`) >> Greek to me...but I'll look into it. any advice would be apreciated >> though. It's currently working by booting into the previous kernel >> though, so no panic. >> >> Thanks all, >> >> Nathaniel C. Steele >> Assistant Chief Engineer/Technical Director >> WTRM-FM / TheCrossFM > _______________________________________________ > Rivendell-dev mailing list > [email protected] > http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev > > > _______________________________________________ Rivendell-dev mailing list [email protected] http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev ####################### Scanned by MailMarshal ####################### ############ Attention: The information contained in this message is confidential and intended for the addressee(s) only. If you have received this message in error or there are any problems, please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. Christian Vision or any of its subsidiaries will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. Please note that we reserve the right to monitor and read any e-mails sent or received by the company under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulation 2000. Christian Vision is registered in England as a limited company 2842414 and as a charity 1031031 ############
<<winmail.dat>>
_______________________________________________ Rivendell-dev mailing list [email protected] http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
