SCIENTIFIC-LINUX-USERS Archives

August 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Steven Haigh <[log in to unmask]>
Reply To: Steven Haigh <[log in to unmask]>
Date: Fri, 2 Aug 2013 10:07:50 +1000
Content-Type: text/plain

On 02/08/13 09:59, Vincent Liggio wrote:
> On 08/01/2013 06:07 PM, Steven Haigh wrote:
>>
>> If you really do have 1200 systems to worry about, I'd be looking at
>> things like satellite. I have ~20-25 systems and yum-autoupdate is
>> fantastic. It does what it says on the box and relieves me of having to
>> watch / check for updates every day. I get an email in the morning that
>> tells me what was updated and if there were any problems.
>
> Guess none of you have to deal with third party applications, device
> drivers, change management, etc. Simple servers are easy to patch, and
> yes, I've done that for years. But take a system running anything
> graphical (especially with video and audio device drivers) and try to
> randomly patch it, and see how long that lasts!

I hate to say it, but now you've shifted the goal posts. You talk about 
blade servers, now you talk about graphics drivers and audio - which I 
assume would be desktop use.

Even on the desktop though, the kernel doesn't auto-update - so any 
graphics drivers that are installed against a specific kernel version 
will continue to work until you upgrade the kernel manually - at which 
time you will be required to build the kernel modules again (nvidia / 
ATI etc).

> (and yes, I really do have 1200+ systems to worry about. And I sleep
> very happily knowing tomorrow they won't be any different than they were
> today)

Unless in the lack of updates, you leave a security hole and due to the 
lack of updates you never pick up on it. My 16 years of experience says 
that this is a dangerous attitude for system admins to adopt. And no, in 
16 years I have never had a security breach (touch wood).

>> It's hardly hidden - and if you don't like it, don't install the package
>> - it's purely in your control.
>
> It installs by default. I certainly can uninstall it, or set it to not
> autoupdate, which I shall.
>

And this may work for you - and that's great for you. It shouldn't
however mean that the default should be changed to disable this in the 
entire distro.

In fact, if you *really* want to disable auto-updates globally, then 
you're better off using a single line sed command that you can run via 
SSH to all systems you control to disable it. That way it is rapidly 
deployed to all your systems with a simple bash script loop.
