[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update or not?

JP Carballo lists at netfone2x.com
Wed Feb 8 03:54:44 MST 2006


Jens Vagelpohl wrote:

>
> On 8 Feb 2006, at 09:43, JP Carballo wrote:
>
>> Alex Barnes wrote:
>>
>>> I think the "once it's working, leave it alone" advice is very sound
>>> indeed :)
>>>
>>>
>> A similar rule says "If it ain't broke, don't fix it."
>
>
> Until you realize some script kiddie has exploited another Apache/ 
> mod_ssl bug and is now remote-controlling your box.
>
> There are no hard and fast recipes here. Neither the "automatically  
> apply any and all updates" nor the "build and never look at it again"- 
> policies should be applied without taking the specific situation into  
> account.
>
> If your box is on the internet you simply cannot forego updates.  
> Period. If your box is completely walled off from the internet you  
> can be lax about it (unless you have to worry about attacks from the  
> inside).
>
> The best policy is probably one that is halfway between the two.  
> There are packages you only ever want to update "under parental  
> supervision", like kernels. Then there are packages where you want to  
> grab any update you can get ASAP, like Apache, or PHP, or SSH. Yum  
> allows you to express this in its configuration: you can exclude  
> packages from the automatic update.
>
> I personally run a nightly script that uses yum to determine if there  
> are updates. I apply them by hand. However, this is only feasible  
> because it runs on just two machines.
>
That shouldn't be an exception. Anything with an exploit is (at least by 
my definition), broken.
If it's broken, then by all means fix it.
Urpmi has that capability too, to skip certain files when you run 
automatic updates or downloads for manual updating.

-- 
JP Carballo

http://www.netfone2x.com
Bringing the world closer.

It might look like I'm doing nothing, but at the cellular level, I'm really quite busy. 
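
The policy discussed in this thread (hold kernels for supervised updates, take Apache, PHP and SSH updates promptly, check nightly) could be scripted as follows; this is an added example, not a script posted by anyone in the thread. The `is_held` helper and the sample package lines and versions are constructed, and the `kernel*` pattern mirrors an assumed `exclude=kernel*` line in `/etc/yum.conf`.

```shell
#!/bin/sh
# Added example. Sorts pending updates into HOLD (apply by hand) and APPLY (take promptly).

# Hold policy (assumption): same glob as an `exclude=kernel*` line in /etc/yum.conf.
is_held() {
    case "$1" in
        kernel*) return 0 ;;
    esac
    return 1
}

# Constructed sample of `yum check-update` output; names and versions are illustrative.
sample_output() {
    cat <<'EOF'

httpd.i386                2.0.54-10.3         updates-released
kernel.i686               2.6.15-1.1831_FC4   updates-released
kernel-devel.i686         2.6.15-1.1831_FC4   updates-released
openssh-server.i386       4.2p1-fc4.10        updates-released
php.i386                  5.0.4-10.5          updates-released
EOF
}

# Reads check-update output on stdin, prints "HOLD|APPLY name version" per package.
classify_updates() (
    while read -r pkg ver repo; do
        [ -n "$repo" ] || continue                   # package lines have three fields
        case "$pkg" in *.*) ;; *) continue ;; esac   # first field is name.arch
        name=${pkg%.*}
        if is_held "$name"; then verdict=HOLD; else verdict=APPLY; fi
        echo "$verdict $name $ver"
    done
)

# Nightly entry point: yum check-update exits 100 when updates are pending,
# 0 when there are none, and 1 on error.
nightly_report() {
    rc=0
    out=$(yum -q check-update 2>/dev/null) || rc=$?
    case "$rc" in
        0)   echo "no updates pending" ;;
        100) printf '%s\n' "$out" | classify_updates ;;
        *)   echo "yum check-update failed (rc=$rc)" >&2; return 1 ;;
    esac
}

if [ "${1:-}" = "--nightly" ]; then nightly_report; else sample_output | classify_updates; fi
```

Run from cron with `--nightly`, the HOLD lines are the updates to schedule by hand and the APPLY lines are the ones to install without delay.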



