[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?
Ryan Amos
ramos at finetooth.com
Wed Feb 8 10:04:50 MST 2006
This is turning into a sysadmin theory flamewar, but I think the main
point is that Fedora probably isn't the best thing to run on production
machines for QA reasons. This is because Fedora is more or less the QA
testbed for RHEL. CentOS is, for all intents and purposes (except a
little bug I discovered with large block devices >2 TB) the same as RHEL
without the support contract, so it is probably a better choice for a
server you want to keep working for a while.
Debian stable would probably work just as well (though IMO debian tends
to be a bit TOO old,) as would SUSE's stable release version. Just don't
use a "testing" release on a production machine. "yum update" (or
up2date, or apt) is pretty safe on "stable" release trees, but in the
testing releases you can run into problems with package dependencies,
versions, slowly updated mirrors... you get the point.
-Ryan
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Jens
Vagelpohl
Sent: Wednesday, February 08, 2006 4:21 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update
ornot?
On 8 Feb 2006, at 09:43, JP Carballo wrote:
> Alex Barnes wrote:
>
>> I think the "once it's working, leave it alone" advice is very sound
>> indeed :)
>>
>>
> A similar rule says "If it ain't broke, don't fix it."
Until you realize some script kiddie has exploited another Apache/
mod_ssl bug and is now remote-controlling your box.
There are no hard and fast recipes here. Neither the "automatically
apply any and all updates" nor the "build and never look at it again"-
policies should be applied without taking the specific situation into
account.
If your box is on the internet you simply cannot forego updates.
Period. If your box is completely walled off from the internet you
can be lax about it (unless you have to worry about attacks from the
inside).
The best policy is probably one that is halfway between the two.
There are packages you only ever want to update "under parental
supervision", like kernels. Then there are packages where you want to
grab any update you can get ASAP, like Apache, or PHP, or SSH. Yum
allows you to express this in its configuration, you can exclude
packages from the automatic update.
I personally run a nightly script that uses yum to determine if there
are updates. I apply them by hand. However, this is only feasible
because it runs on just two machines.
jens
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
Asterisk-Users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list