RHEL 4 Update Procedure

[AB]

Hello all,

We run several mission critical RHEL 4 AS servers and we are currently having a
bit of an internal debate regarding the installation of official RedHat updates.

Several of my colleagues think that installing the RedHat updates is too
dangerous because it could potentially break another package and/or another
piece of our or a third party's software.

These are my arguing points as to why we should apply the updates. Please
correct me if I have misunderstood any of the points I make, and feel free to
add more to the list (the more the better): -
.	All RHEL updates are exhaustively tested by RedHat to make sure they
will not break other official components of the OS.
.	RHEL updates are only ever bugfix / security updates. An API/ABI will
never be changed as part of an update. If one of our programs was compiled
against a library which later got updated, the program would not be negatively
affected by the update.
.	RHEL updates are tested against most of the large certified applications
(such as Oracle etc.) before release.
.	RedHat don't release updates just for the fun of it, they release them
to fix new security holes to prevent our systems been broken into, and to fix
known critical bugs to keep our systems stable and our data intact.

On a slightly different note, does anyone know of a certification framework we
could develop our applications to, to provide the best possible compatibility
with the underlying RHEL OS?

What do most other organisations in our position do? I'd be especially
interested to hear from other companies using RHEL 4 AS who must provide 24/7
availability, and what RedHat's official line on the matter is.


Regards,
Adam