Re: (Security) upgrades with shared /usr?
- To: Debian ISP Mailing List <email@example.com>
- Subject: Re: (Security) upgrades with shared /usr?
- From: "Brenda J. Butler" <firstname.lastname@example.org>
- Date: Mon, 20 Feb 2006 11:29:12 -0500
- Message-id: <20060220162912.GR32682@stuffed.animals>
- In-reply-to: <20060220150251.GA13422@kufelek>
- References: <20060220150251.GA13422@kufelek>
On Mon, Feb 20, 2006 at 04:02:52PM +0100, Marcin Owsiany wrote:
> Any security update which requires upgrading some packages would force
> me to shutdown all but one of the machines, remount /usr RW there,
> perform the upgrade, remount it back to RO, and then bring the rest of
> machines back up. (Propagating the changes to files outside /usr is
> another story).
On the pro side for such a configuration, if you are using stable
and limiting the packages installed to exactly what you need and no
more, then you won't have to do this very often. Many of the updates
will not affect you, being for packages you don't have.
You could schedule a regular maintenance time for non-urgent
upgrades, 1/2 hour each week or month. And you keep the benefits
of ro /usr partition. As long as the times are coordinated
between machines, you could even automate it with cron (but I
would automate it to happen when I was there, so I could keep an
eye on the bringup afterwards).