automatic nightly updates

Peter J. Holzer hjp+fedora-legacy at wsr.ac.at
Sat Apr 23 22:02:52 UTC 2005 

On 2005-04-23 14:49:59 -0400, Jim Popovitch wrote:
> On Sat, 2005-04-23 at 13:16 +0200, Peter J. Holzer wrote:
> > I don't think we are talking about malicious updates here, just the risk
> > associated with any change. No matter how careful the vendor tests the
> > patches, they may still break something at the customers site. Also,
> > some updates require a daemon to be restarted. So if you have to
> > guarantee a certain service level, you don't want updates to happen at
> > random times on your production servers. You want to test them on your
> > test machines first, and when you are conviced they don't break anything
> > you deploy them on the production servers at a time that is convenient
> > to you.
> 
> I think you are speaking of one extreme, but there are also others.
> There are many customers of RedHat who buy hardware from the RH HW
> compatibility list specifically because they know RH tests on that
> hardware.  This alleviates the customer from having to re-test and gets
> the fixes into production faster.  Who is going to test better RH or the
> Customer's IT guy?   <--- that's not a direct question, that's something
> to ponder.

There is no doubt that RH is testing a lot more thoroughly than almost
any IT department can. But they can never test the exact HW/SW
combination that will be running on the customer's machines, so local
tests may still find problems that RH can't find.

Also, if you test yourselves, RH doesn't stop testing. You don't have to
decide whether you or RH are doing the tests. You decide whether you are
testing in addition to RH.

I admit that I can't remember if I ever caught a problem with a RH
update during testing. I did catch problems with HP patches during
testing, though. The main reason I don't use automatic updates is that I
need to control when they happen. I can't have a samba or database
server restart while somebody is running a batch job which takes several
days. Unless its really urgent any update which may interrupt
normal operation (if only for a few seconds) must be delayed until the
next maintenance window. And its me who gets to decide whether is really
urgent (and who has to explain that to my boss and our customers).

	hp

-- 
   _  | Peter J. Holzer \Beta means "we're down to fixing misspelled comments in
|_|_) | Sysadmin WSR     \the source, and you might run into a memory leak if 
| |   | hjp at wsr.ac.at     \you enable embedded haskell as a loadable module and
__/   | http://www.hjp.at/ \write your plugins upside-down in lisp". --ae at op5.se
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 388 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050424/bdcc14dd/attachment.sig>

More information about the fedora-legacy-list mailing list