On Mon, Dec 05, 2005 at 09:42:42AM -0500, Jeff Spaleta wrote: > And yet it frequently happens with the GFS related kernel module > packages. Security kernel fixes which go directly into External kernel module packages are just plain awkward. I haven't seen a great solution yet. > The argument the original poster made about best security practices > with regard to automated updates may hold some weight but I counter it > with this. Should automated nightly updates be relied on? Is this > something Fedora wants to encourage people to do based on security > best practises? I certaintly don't automate updates unless I have > tested the update process on a single system. I then have other > similiar local systems auto update from a local repository. Based on my experience, automatic updates by default *is* best security practice AND turning disabling that default and conscientiously and regularly applying tested updates by hand is also. Most people aren't going to do the "test first" thing, and those who do can turn off the updates. Otherwise, "install and forget" is the normal practice. Or, "install and have the best intentions of updating, but other things are always going on, because I really have this computer to do my work not fiddle around". Occasionally, things break, but the risk of that is smaller than the risk of security problems and generally the consequences less severe. (Downgrade a package vs. must reinstall the whole machine.) Therefore, getting automated updates to work as smoothly as possible seems a good goal. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
