On 9/17/07, Yashpal Nagar <[EMAIL PROTECTED]> wrote:
> Hi All
>
> What kind of practice is followed, to apply the patches to production
> servers, development servers, hosted mainly on Linux.
>
> Currently, we have a mix of enterprise class Linux systems, scattered
> across multiple networks/locations. We have software repositories to get
> the patches, on the target box and apply them manually.
>

We at SuSE use "quilt" to manage patches, and build scripts around it to automate, if required. This simplifies the task if there are variations in build, and management.

> I believe one should not apply the patches frequently on production
> servers, unless you really require them and recognise to fix a flaw. On

You are right. Quite often, patches bring in new bugs. So the rule of thumb is, if it works, leave it alone.

> security side, none of our boxes is directly connected to insecure
> network and there are separate firewall devices to take care of external
> threats. If suppose, I have an apache box running only web services, is
> it considered good to apply all available patches related to apache?

Right again. Security fixes usually go in "unconditionally". As for the rest, if it breaks, you fix it. The rest of the patches usually come as feature requests (and starting another cycle of introducing new bugs! :) ), and are requests by other developers/users who can't get a workaround, and badly need it.

Answering your question, it is a good idea to categorize your patches in what you need and what you don't before you apply them.

>
> Please share some information, how you manage production servers in
> terms of OS patches, frequency of applying them, how much old patches
> generally are applied?
>

This is more often an internal system admin policy, and I know this is what you wish to know more about. It is usually a test, break, fix cycle on a test machine, before going into production. All in all, it varies from company to company.

--
Goldwyn