[Gllug] Wide eyed and Innocent new members.

[Pete Ryland]

On Thu, Oct 24, 2002 at 02:07:29PM +0100, Adam Bower wrote:
> Stephen Harker wrote:
> >Right. Well, in that case, I would be very careful about upgrading a 
> >"production" machine from $version to $version+1 using anything at all 
> >without testing it all first on an identical machine or something. But 
> >that is just common sense. If there wasn't a real need to upgrade the 
> >server and the older version (eg potato) was still being supplied with 
> >security patches and was working fine, I wouldn't even do the upgrade.
> >But as for keeping on top of security updates, "apt-get update ; apt-get 
> >dist-upgrade" run from /etc/cron.daily and a sensible "sources.list" 
> >seems to do an excellent job of keeping a running machine tight. 
> 
> Erk! that is something I would not do, I would never schedule something 
> like that to be run from cron. The security update packages can be 
> pushed out quickly without the same peer review testing procedures that 
> the main distro gets. Also some of the security problems may not be 
> applicable (like local exploits on machines that nobody has access to) 
> so I just subscribe to the Debian security mailing list and keep up with 
> developments there.

Personally, I'd be happy to update a number of desktops from cron, *BUT* I'd
get them to update from a local repository whose packages are first tested
locally with the equipment used on the desktops.

Local repositories are very easy to set up and will also save you bandy.

Pete

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug