Re: Bug in yum-autoupdate

[Steven Haigh]

On 02/08/13 02:26, Vincent Liggio wrote:

On 08/01/2013 12:16 PM, Elias Persson wrote:


All the more reason to read up on the differences, and if it's
only one system 'yum remove yum-autoupdate' is hardly a big deal.
If it's 1200 systems, what difference would an option in anaconda
make? It's not like you'll be stepping through that hundreds of
times, right?


No, when I have to migrate to a new OS (which won't be a 6.4 derivative,
it will be a 7.0 one, so probably 8-9 months from now), then I'll worry
about the differences. When I'm testing a piece of hardware that
requires a specific kernel release on an OS I don't run, whether a new
option is installed by default or not is not on the top of my list of
things to worry about.


If you really do have 1200 systems to worry about, I'd be looking at 
things like satellite. I have ~20-25 systems and yum-autoupdate is 
fantastic. It does what it says on the box and relieves me of having to 
watch / check for updates every day. I get an email in the morning that 
tells me what was updated and if there were any problems.


I've been doing this for several years with no problems. Before 
yum-autoupdate I had my own script do similar things in the daily cron.



My point is, what you want (the issue being highlighted) is
already being done. It's not being done precisely where you want
it to be done, but I don't see how that's an issue, given the
circumstances.


What I think should be done is it be an obvious option, not hidden in
release notes.


Its hardly hidden - and if you don't like it, don't install the package 
- its purely in your control.

Re: Bug in yum-autoupdate

[Paul Robert Marino]

Seriously are we still beating this dead horse. While I admit I was the one who took this conversation on a tangent in the first place, every valid point of view on this has been covered from both sides.No resolution will come of it!From here its an intellectual pissing contest lets end it!-- Sent from my HP Pre3On Aug 1, 2013 20:08, Steven Haigh net...@crc.id.au wrote: On 02/08/13 09:59, Vincent Liggio wrote:
 On 08/01/2013 06:07 PM, Steven Haigh wrote:

 If you really do have 1200 systems to worry about, I'd be looking at
 things like satellite. I have ~20-25 systems and yum-autoupdate is
 fantastic. It does what it says on the box and relieves me of having to
 watch / check for updates every day. I get an email in the morning that
 tells me what was updated and if there were any problems.

 Guess none of you have to deal with third party applications, device
 drivers, change management, etc. Simple servers are easy to patch, and
 yes, I've done that for years. But take a system running anything
 graphical (especially with video and audio device drivers) and try to
 randomly patch it, and see how long that lasts!

I hate to say it, but now you've shifted the goal posts. You talk about 
blade servers, now you talk about graphics drivers and audio - which I 
assume would be desktop use.

Even on the desktop though, the kernel doesn't auto-update - so any 
graphics drivers that are installed against a specific kernel version 
will continue to work until you upgrade the kernel manually - at which 
time you will be required to build the kernel modules again (nvidia / 
ATI etc).

 (and yes, I really do have 1200+ systems to worry about. And I sleep
 very happily knowing tomorrow they won't be any different than they were
 today)

Unless in the lack of updates, you leave a security hole and due to the 
lack of updates you never pick up on it. My 16 years of experience says 
that this is a dangerous attitude for system admins to adopt. And no, in 
16 years I have never had a security breach (touch wood).

 Its hardly hidden - and if you don't like it, don't install the package
 - its purely in your control.

 It installs by default. I certainly can uninstall it, or set it to not
 autoupdate, which I shall.


And this may work for you - and thats great for you. It shouldn't 
however mean that the default should be changed to disable this in the 
entire distro.

In fact, if you *really* want to disable auto-updates globally, then 
you're better off using a single line sed command that you can run via 
SSH to all systems you control to disable it. That way it is rapidly 
deployed to all your systems with a simple bash script loop.