Re: [CentOS] Update question

2009-10-14 Thread Benjamin Donnachie
2009/10/14 John R. Dennison:
>        Because advising someone to run with known vulnerabilities
>        is conducive to maintaining the integrity of critical
>        systems?

If those vulnerabilities put your servers at risk in the environment
that you use them, then that would qualify as *need* to upgrade (and
fast).

>        I've been seeing this mentality a lot recently, and while
>        in some corner-cases it does make sense, for the majority
>        of users it does not and leaves them open to pain and suffering
>        in the future.

On the one hand I'm quite fortunate that our critical infrastructure
is completely isolated but on the other I'm rather unfortunate with
the requirement for near constant uptime with ageing hardware and no
spare cash - until things go wrong...

I also monitor various lists for vulnerability updates.

>        Update once in a while after testing in a properly configured
>        test environment and you will, in the long run, be much happier.

Completely agree! :)

Ben
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Update question

2009-10-14 Thread John R. Dennison
On Wed, Oct 14, 2009 at 07:51:27PM +0100, Benjamin Donnachie wrote:
> 
> Do you *need* to upgrade?  If the machines are running anything
> critical, I would be tempted to leave them with 5.2.

Because advising someone to run with known vulnerabilities
is conducive to maintaining the integrity of critical
systems?

I've been seeing this mentality a lot recently, and while
in some corner-cases it does make sense, for the majority
of users it does not and leaves them open to pain and suffering
in the future.

Update once in a while after testing in a properly configured
test environment and you will, in the long run, be much happier.




John

-- 
DMR: So fsck was originally called something else.
Q: What was it called?
DMR: Well, the second letter was different.
   Dennis M. Ritchie, Usenix, June 18, 1998.




Re: [CentOS] Update question

2009-10-14 Thread Ron Loftin

On Wed, 2009-10-14 at 19:51 +0100, Benjamin Donnachie wrote:
> 2009/10/14 Ron Loftin:
> > I have some customer machines that have not been updated for some time,
> > and are still on CentOS 5.2.
> 
> Do you *need* to upgrade?  If the machines are running anything
> critical, I would be tempted to leave them with 5.2.
> 

That is a valid question.  As these systems are Internet-facing boxes
providing firewall/VPN/DNS services, I do need to keep them as current
as customer management will allow for bug fixes and security patches.
Everything on them is either from the CentOS repos or one of the more
reliable 3rd-party repos such as RPMforge, so I'm hoping for a
manageable amount of issues here.

And yes, I DO test in a non-production environment before I deploy.  I
have lost my taste for tossing stuff into production without checking it
out in advance.  I'm a firm believer in the old Reagan-era philosophy of
"Trust, but verify". ;>

-- 
Ron Loftin  relof...@twcny.rr.com

"God, root, what is difference ?"   Piter from UserFriendly



Re: [CentOS] Update question

2009-10-14 Thread Benjamin Donnachie
2009/10/14 Ron Loftin:
> I have some customer machines that have not been updated for some time,
> and are still on CentOS 5.2.

Do you *need* to upgrade?  If the machines are running anything
critical, I would be tempted to leave them with 5.2.

Ben


Re: [CentOS] Update question

2009-10-14 Thread Kwan Lowe
On Wed, Oct 14, 2009 at 2:36 PM, Ron Loftin wrote:
>
> I have some customer machines that have not been updated for some time,
> and are still on CentOS 5.2.  While reading the release notes for 5.4, I
> have not yet seen anything that looks like it needs attention, but are
> there any known issues or "gotchas" related to moving directly from 5.2
> to 5.4?
>
> Comments, pointers, things to look for are all welcome.
>

On a few virtual systems I moved directly from 5.2 stock to 5.3
completely updated. There were no issues to speak of except that I ran
out of space in /var and had some trouble with the LVMs not resizing
properly. In short, I had to take the system down to single user mode
to unmount /var and resize the journal. Once that was complete, the
update went fine.

I did have a glitch some months ago moving from a 5.2 with some minor
patches to 5.3.  I lost the network connections to the Xen virtual
systems and found out that the default MAC address of the virtual
ethernet conflicted with the hardware address of the Linksys adapter.
Moving from 5.2 to 5.4 may hit the same issue.