> If there genuinely is something as easy as "yum update bind", then > great. But if so, it doesn't seem to be documented, and this is the > reason I haven't rolled out more OpenBSD boxen in the real world. I > run OpenBSD on my own machines. But I'm with Cian here. Keeping up > to date really is its Achilles heel compared to other OSes, and is > holding it back for corporate use.
So when you do "yum update bind" how many people are you extending trust to? Note that this isn't a rhetorical question, I'm actually quite curious how people rationalize this aspect of binary updates. When I apply a patch that I can read I'm pretty sure what I'm getting*. -N * If you haven't read it before you must read "Reflections on Trust": http://cm.bell-labs.com/who/ken/trust.html