Installing only critical updates via yum?
Phil Meyer
pmeyer at themeyerfarm.com
Fri Feb 2 16:13:07 UTC 2007
Nick Webb wrote:
> Hey all,
>
> I'm a pretty new Fedora fan, been using FC6 for 3 months.
>
> Is there a way to only install critical (needed for security)
> updates? Other than reading each and every patch description, of
> course. Right now I have some 25+ updates to install, but I know just
> one or two must be security fixes. I don't want to upgrade all the
> packages as I've had problems in the past, but I want to keep current
> security wise. At some point in the future when it's not as critical
> to my work, I will upgrade all the packages.
>
> Thanks,
> Nick
Fedora moves too fast to maintain a securities issues list. :)
Basically, a FC4 system that has been updated a time or two a year ago
is probably ahead of the vast majority of Linux systems security patches.
Any FC5 system is way ahead, and FC6 is not even looked at by the
security testers (generally -- not implying anything here) except by the
RedHat kernel guys who have to back port known exploits, performance,
and custom patches into 'all' kernels.
When you talk about patching for security in Fedora Core, it is usually
at the application level (php or some such). Those get wide publication
so you will probably know about them.
For comparison, HPUX and Solaris do major revisions on a 2-3 year
schedule. Those systems have a much larger window to study security
measures. There are lots of HPUX and Solaris systems out there that
have been stable for 10 years or more. We have some where I work.
Those systems need periodic security updates.
I am not suggesting that anyone relax about security, just putting it
into perspective.
More information about the users
mailing list