automatic nightly updates

[John Pybus]

Dan Schlitt wrote:
> I guess it is my paranoia from 15 years of system administration but I
> would never do unattended patching of any computer I really cared about.

What about those computers no-one "really cares" about? ;-)

I don't do unattended updates on any computer I'm responsible for, not 
even on my test systems and desktops.  But, I'd still support a default 
policy of automatic daily updates.  Any sensible admin would turn it off 
and implement their own policy, and the rest (those who have presumably 
not responded to clear documentation of the default) would deserve 
untested updates of less assured reliability; many probably wouldn't mind.

I know many 'administrators' of personal boxes, and even a number of 
groups of workstations and servers, where either no effort is made to 
apply updates, or only very sporadic effort.  This includes RH7, RH9, 
FC1 and FC2 installs all now supported by FL (though I can't say how 
many have actually been configured to use FL repositories and how many 
are effectively abandoned).  When others don't keep systems updated it 
affects me both by a greater general threat on the network from 
compromised boxes, and by lowering the reputation of the Linux systems I 
use.

> It would be nice if yum had an option to just download the rpms. Then I
> could look at them and install them on my own schedule. But I haven't
> been able to detect such an option.

This is something that'd be rather useful.  As it is when my scripts 
warn me of impending updates I review them, run yum update and have to 
wait while they're fetched from a mirror.  A version of yum check-update 
which pre-populated the RPM cache would be pretty handy.

John