I've been closely watching the daily changes in the patchdiag.xref in the past 2 weeks. I've found a serious problem that will result in PCA not applying patches that should be applied if certain versions of patchdiag.xref are used. This is a timing/race issue where recommended patches are removed from the patchdiag.xref; then two days elapse; then the new patch is added. If PCA is used to install patches over that two day period, neither the old recommended patch nor the new recommended patch that replaced it is installed.
Let's look at four specific instances of this issue as it appeared this week. We run the command, "pca -l --minimal missingr" on one host, over a period of 4 days, on February 18, 19, 20, 21. The patchdiag.xref used was retrieved each morning, and has the dates: February 17, 18, 19, 20 respectively. We are not actually installing patches in this example. This example is for reporting purposes only. On the Feb. 18th report, we grep for patch "11866[67]|12513[67]" 118666 38 < 41 RS- 14 JavaSE 5.0: update 39 patch (equivalent to JDK 5.0u39) 118667 38 < 41 RS- 14 JavaSE 5.0: update 39 patch (equivalent to JDK 5.0u39), 64bit 125136 31 < 42 RS- 11 JavaSE 6: update 39 patch (equivalent to JDK 6u39) 125137 31 < 42 RS- 11 JavaSE 6: update 39 patch (equivalent to JDK 6u39), 64bit On the Feb. 19th report, the above four patches do not appear. On the Feb. 20th report, the above four patches do not appear. On the Feb. 21st report, we grep for the same patches: 118666 38 < 42 RS- 3 JavaSE 5.0: update 40 patch (equivalent to JDK 5.0u40) 118667 38 < 42 RS- 3 JavaSE 5.0: update 40 patch (equivalent to JDK 5.0u40), 64bit 125136 31 < 44 RS- 3 JavaSE 6: update 41 patch (equivalent to JDK 6u41) 125137 31 < 44 RS- 3 JavaSE 6: update 41 patch (equivalent to JDK 6u41), 64bit Please understand that I'm not complaining about the 2 days delay before the new patches show up as recommended in the patchdiag.xref file. I know that these new patch appearance delays are part of the release process and are inevitable. My complaint is only that the "old" patch is prematurely removed from the recommended list before the "new" one is added. This premature removal is breaking the patching process on my hosts. I'm patching hosts on February 19th and 20th with all the "Recommended patches" as of that date, but these hosts now have a version of Java that is older than other hosts which were patched on Feb 18th. That's not right. The solution to this problem is to keep the older Java patch listed as recommended in the patchdiag.xref until the new patch is added to the same file. I can't do this myself, Sun/Oracle needs to change the timing of the removal and add to be on the same date. Its OK if this date is 3 days after the patch is released. Neil G. Brookins Identity and Authentication Solutions - IT Global Solutions Towers Watson 1500 Market Street | Philadelphia, PA 19102 Phone: +1 215 246 6046 neil.brook...@towerswatson.com<mailto:neil.brook...@towerswatson.com> Notice of Confidentiality This transmission contains information that may be confidential. It has been prepared for the sole and exclusive use of the intended recipient and on the basis agreed with that person. If you are not the intended recipient of the message (or authorized to receive it for the intended recipient), you should notify us immediately; you should delete it from your system and may not disclose its contents to anyone else. This e-mail has come to you from Towers Watson Delaware Inc.
