No, I don't think any distro enables them by default. But Fedora, Ubuntu, and RHEL all document and encourage the practice. Remember that there is a heavy cost to *not* updating, even for a short time, and the vast majority of users don't do manual updates, whether for lack of knowledge, time, or motivation. So it's a matter of choosing the better of two evils, for most people, and hence for the distros. If you consider that the source of your updates is the same as the source of your base OS, you should in principle be happy to get any improvements. Regarding non-invasiveness, anything truly malicious wouldn't advertize itself in the update email. Also, wouldn't someone producing such a thing put it in the base OS, to get a bigger audience? And in either case, it would be found and fixed quickly. You'd want automatic updates then for sure (of course, if the hack were any good, it would turn them off). --jh-- -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list