Michael,

The chance that there will be a show-stopping glitch in a security patch is extremely small. But this is still too big a risk for live servers in some contexts.

I did not think that a new box being completely up to date was a huge problem. As I understand it, the concern is that a glitch in an update will bring down a live server. You are not taking this risk with a new install. After all, it is a new install, and if a glitch stops it from running, you can troubleshoot the problem before you go live.

I have never maintained a mirror. You wrote:

> What I'm proposing solves the same problem, but doesn't introduce these NEW problems. Maintain a mirror that only folds in new packages after they've been available for N days.

How do you implement folding in new packages after N days? Do you manually track every new package that comes out? It seems to me the YUM option that I am proposing would help you maintain your mirror with a lot less manual, tedious stuff.

You also wrote:

> You're talking like yours is the only possible solution.

I disagree with you on that. For the sake of analysis, let's agree that maintaining your own mirror is the ultimate solution. However, it requires more hardware, and a lot more time and effort, than the solution to the security patch problem that I have proposed.

The reality out there is that some administrators deal with the security patch problem by never applying them. (Try telling them they must maintain their own mirror!) I believe the solution that I have proposed would be a best compromise for many administrators.

Rick