
I've recently subscribed to the CentOS mailing lists so that I can keep up to date with any new releases or updates. I'm subscribed to CentOS-announce.

I get quite a lot of emails regarding bug fixes and updates. Assuming the update is relevant to me, how quickly should I try to apply these fixes? Same day? Same week? Same month?

Ideally I would like to use Yum to install these updates. By the time I've received the email, is the fix normally available in the repositories?

What's a realistic update schedule for a production web server? I'm not sure I can justify taking the server offline every day to perform updates! What's reasonable in terms of downtime for performing updates?

1 Answer


It's silly to take a specific action on every update announcement that comes through.

As the administrator, you exercise your judgment and knowledge of the specifics of your environment to make a determination of what's important to update.

For example, if Apache and OpenSSH are updated and you have those services open to the public, then it makes sense to keep them up-to-date. But in many environments, those services are not available to the world, so the urgency to update is far lower.

How about the kernel? There's a kernel release every month or two. Updating it is intrusive and causes downtime. But sometimes it makes sense.

I've encountered many web environments where critical packages are never updated; as in years of no updates. That's clearly wrong, but so is updating daily or weekly.

I personally like to evaluate monthly or quarterly. Reported exploits take a while before they come into common use by attackers.

ewwhite
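One way to turn the triage described in the answer above into a repeatable check over CentOS-announce subjects, as an added example that is not part of the original post. The subject layout, the bucket names, and the `exposed` set are assumptions, and the sample subjects are constructed with placeholder advisory numbers.

```python
import re

# Assumed subject layout of CentOS-announce posts:
#   "[CentOS-announce] CESA-YYYY:NNNN <Severity> CentOS <N> <package> Update"
# CESA = security, CEBA = bug fix, CEEA = enhancement (the last two carry no severity).
SUBJECT = re.compile(
    r"(?P<kind>CE[SBE]A)-\d{4}:\d{4}\s+"
    r"(?:(?P<severity>Critical|Important|Moderate|Low)\s+)?"
    r"CentOS\s+(?P<release>\d+)\s+(?P<package>\S+)"
)
REBOOT_PACKAGES = {"kernel"}  # updates that only take effect after a reboot

def triage(subject, exposed, release):
    """Return (package, bucket) for one subject, or None if it is not relevant."""
    m = SUBJECT.search(subject)
    if m is None or int(m["release"]) != release:
        return None  # not an advisory, or for a release this host does not run
    pkg = m["package"]
    if m["kind"] != "CESA":
        return pkg, "periodic-review"      # bug fix or enhancement
    if pkg in REBOOT_PACKAGES:
        return pkg, "maintenance-window"   # intrusive: plan the downtime
    if pkg in exposed:
        return pkg, "prompt"               # service reachable from outside
    return pkg, "periodic-review"          # monthly or quarterly evaluation

def plan(subjects, exposed, release):
    """Group the relevant packages from a batch of subjects by bucket."""
    buckets = {}
    for subject in subjects:
        result = triage(subject, exposed, release)
        if result:
            buckets.setdefault(result[1], []).append(result[0])
    return buckets

# Constructed sample subjects (advisory numbers are placeholders).
SAMPLE = [
    "[CentOS-announce] CESA-0000:0001 Important CentOS 6 httpd Update",
    "[CentOS-announce] CESA-0000:0002 Moderate CentOS 6 kernel Update",
    "[CentOS-announce] CEBA-0000:0003 CentOS 6 tzdata Update",
    "[CentOS-announce] CESA-0000:0004 Low CentOS 6 cups Update",
    "[CentOS-announce] CESA-0000:0005 Important CentOS 5 openssh Update",
    "[CentOS-announce] CentOS 6 release notes",
]

if __name__ == "__main__":
    # Assumed host: CentOS 6 with Apache and OpenSSH open to the public.
    for bucket, pkgs in plan(SAMPLE, {"httpd", "openssh"}, 6).items():
        print(bucket, pkgs)
```
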