On 02/08/2013 07:45 PM, Gelen James wrote:
<snip>
> supposed I installed with Centos 6.2 last year, and let's say Centos 6.4 comes out two months later and I have not updated a single package since initial installation until Centos 6.4 comes out (I am way too lazy :)

That would be extremely unfortunate ... because there are *VERY IMPORTANT* security updates that come out between point releases.

There are 2 classes of these updates (Critical and Important) that should be applied ASAP after release to prevent root access by unauthorized users. It is extremely important to maintain Internet facing machines updated with security updates.

There are 2 less severe security updates (Moderate and Low) that should also be installed, but are not as critical ... and there are also bugfix and enhancement updates that are a convenience, but likely not required.

Machines get rooted if security updates are skipped ... don't do it.

Our CentOS Announce list has "Topics" that split those announcements so you can minimize the traffic you get. One "topic" is "Security Updates" ... utilizing that and the Daily Digest feature, you can get one e-mail (only on days when we do a security release) to get minimum contact for only important announcements. Please use it.

To understand how Red Hat rates "Severity" ... please review this:

https://access.redhat.com/security/updates/classification/

Here is also some good reading concerning security metrics:

http://www.redhat.com/security/data/metrics/

Stay updated !!!

Thanks,
Johnny Hughes