Fedora updates getting more like Windows every day - Examples
davidsen at tmr.com
Wed Aug 25 21:09:21 UTC 2010
Bill Davidsen wrote:
> Siddhesh Poyarekar wrote:
>> On Wed, Aug 18, 2010 at 5:13 AM, Bill Davidsen <davidsen at tmr.com> wrote:
>>> It's getting so keeping systems up to date with current patches is
>>> incompatible with reasonable uptime goals. More and more upgrades
>>> require a reboot, and even reading the CVE data behind the update it's
>>> not always possible to tell if a fix is urgent. I'd like to encourage a
>>> bit more detail in the info with the upgrade, and a little more thought
>>> about what can be done to reduce reboots.
>>> More operations are specifying maximum outage figures, running 7x24, and
>>> running things which have long run times and bad checkpoint code.
>>> At least two companies are done with reminding people to shut off the
>>> desktop overnight, they are putting cloud software on desktops and using
>>> cloud tech to offload mainframes. Not just new tech such as SETI at home
>>> and folding use, but things like PVM. I was admin of a PVM group 21
>>> years ago, but people are still using it.
>> If you subscribe to the package-announce list, you will get detailed
>> emails about updates, like this one:
> I follow the RSS lists, but I'm very aware of this. But current policy is that
> if there is a fix marked as a security bug all net attached machines will get it
> if they run the software.
>> This can help you decide if a kernel update is important for you. If
>> it is not a kernel update then it will most likely not require a
>> reboot. Everything else can be made functional through a service
>> restart at most.
> If only that were true. But PackageManager disagrees. Quite a few things are
> marked to require reboot, and I have noted that at least some of them cause
> strange behavior if a reboot is not done.
>>> To some extent RHEL suffers from this as well, though systems seem to
>>> have fewer and more stable things running.
>> Same for RHEL too. You get information on pages like:
>> Customers also get emails with this information so that they can
>> decide if they want to do an update or not.
>> To conclude, just because an update is available does not mean that
>> you need to apply it. You need to do your own research and decide if
>> an update is relevant for you. And on the point of comparison with
>> Windows, there is none because you cannot really compare the amount of
>> information given out on a Windows update as compared to updates for
>> any Linux distribution.
> New functionality and bug fixes in stuff which "works for us" can be postponed,
> security bugs on exposed machines get fixed pronto, I can explain brief outages
> better than breaches. :-(
In the last few days PackageManager has told me to reboot after install of the
- Kernel header files
- Kernel update
- LDAP support
- Perf monitor
- RUBY libraries
- Network boot ROM firmware
- Open Source BIOS
I think it might be time to separate changes which take effect after reboot (ie.
at your convenience), and upgrades which are likely to make the system unstable
or newly started process behave incorrectly.
More information about the users