No resolution will come of it!
From here its an intellectual pissing contest lets end it!
-- Sent from my HP Pre3
On Aug 1, 2013 20:08, Steven Haigh <net...@crc.id.au> wrote:
On 02/08/13 09:59, Vincent Liggio wrote:
> On 08/01/2013 06:07 PM, Steven Haigh wrote:
>>
>> If you really do have 1200 systems to worry about, I'd be looking at
>> things like satellite. I have ~20-25 systems and yum-autoupdate is
>> fantastic. It does what it says on the box and relieves me of having to
>> watch / check for updates every day. I get an email in the morning that
>> tells me what was updated and if there were any problems.
>
> Guess none of you have to deal with third party applications, device
> drivers, change management, etc. Simple servers are easy to patch, and
> yes, I've done that for years. But take a system running anything
> graphical (especially with video and audio device drivers) and try to
> randomly patch it, and see how long that lasts!
I hate to say it, but now you've shifted the goal posts. You talk about
blade servers, now you talk about graphics drivers and audio - which I
assume would be desktop use.
Even on the desktop though, the kernel doesn't auto-update - so any
graphics drivers that are installed against a specific kernel version
will continue to work until you upgrade the kernel manually - at which
time you will be required to build the kernel modules again (nvidia /
ATI etc).
> (and yes, I really do have 1200+ systems to worry about. And I sleep
> very happily knowing tomorrow they won't be any different than they were
> today)
Unless in the lack of updates, you leave a security hole and due to the
lack of updates you never pick up on it. My 16 years of experience says
that this is a dangerous attitude for system admins to adopt. And no, in
16 years I have never had a security breach (touch wood).
>> Its hardly hidden - and if you don't like it, don't install the package
>> - its purely in your control.
>
> It installs by default. I certainly can uninstall it, or set it to not
> autoupdate, which I shall.
>
And this may work for you - and thats great for you. It shouldn't
however mean that the default should be changed to disable this in the
entire distro.
In fact, if you *really* want to disable auto-updates globally, then
you're better off using a single line sed command that you can run via
SSH to all systems you control to disable it. That way it is rapidly
deployed to all your systems with a simple bash script loop.
