yum plugin suggestion or yum change?

[Matthew Miller]

On Mon, Dec 05, 2005 at 09:42:42AM -0500, Jeff Spaleta wrote:
> And yet it frequently happens with the GFS related kernel module
> packages. Security kernel fixes which go directly into

External kernel module packages are just plain awkward. I haven't seen a
great solution yet.


> The argument the original poster made about best security practices
> with regard to automated updates may hold some weight but I counter it
> with this.  Should automated nightly updates be relied on?  Is this
> something Fedora wants to encourage people to do based on security
> best practises?  I certaintly don't automate updates unless I have
> tested the update process on a single system. I then have other
> similiar local systems auto update from a local repository.

Based on my experience, automatic updates by default *is* best security
practice AND turning disabling that default and conscientiously and
regularly applying tested updates by hand is also.

Most people aren't going to do the "test first" thing, and those who do can
turn off the updates. Otherwise, "install and forget" is the normal
practice. Or, "install and have the best intentions of updating, but other
things are always going on, because I really have this computer to do my
work not fiddle around".

Occasionally, things break, but the risk of that is smaller than the risk of
security problems and generally the consequences less severe. (Downgrade a
package vs. must reinstall the whole machine.) 

Therefore, getting automated updates to work as smoothly as possible seems a
good goal.


-- 
Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>