Quoting Jim Popovitch <jimpop@xxxxxxxxx>: > On Sun, 2005-04-24 at 14:49 -0400, Dan Schlitt wrote: > > I guess it is my paranoia from 15 years of system administration but I > > would never do unattended patching of any computer I really cared about. > > What about a cluster of 50+ webservers? I see this no different that a cluster of 5 mail servers, or a stand-alone database server, or a single compute machine. If it is different, it is in that I can test things on one of the 50+ machines and find any problems there before I install it on the rest. > I think part of this discussion needs to define what is applicable and > what isn't. As has been previously stated there are cases when > auto-update doesn't apply, i.e. complex database servers, etc. However > for every case that can be made against auto-update, there is an > alternate case for auto-update. See the recently updated https://www.fedoralegacy.org/docs/autoupdates.php > Think of an enterprise with 1500 > desktop PCs all around the world. Who is going to visit all locations > to update? You don't need to. No one said you did. But that doesn't mean you should just have them all do auto updates from the vendor or a third party. > What about webserver farms? How about distributed internal > DNS/NIS servers where the loss of one system isn't critical? etc, etc. See above. It doesn't matter. Remember, you *can* apply updates automatically, from another source, after testing. Just don't forget to do the rest of the work up front. > People need to understand that every environment is unique and what > doesn't work in one instance may very well work very well in another. I think this is all addressed, though maybe not heavily, in the autoupdates.php web page. Not to mention the Red Hat, Microsoft, or a zillion other Best Practices Guides out there, all of which say don't use auto updates of untested software on production machines. > -Jim P. -- Eric Rostetter -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
