[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What about doing security updates automatically?

On the question:

    What about doing security updates automatically?

I don't know about the rest of you, but here is my opinion...

As a sysadmin, programmer, jack of to many trades I maintain a 
number of systems under a number of different operating systems.  
As such I have to keep track of bug fixes as well as security 
updates, etc.  I feel if one goes to making a security update 
system, one should spend the time to make it more general and do 
it for regular bug fixes as well as general package upgrades 
too.  I have nothing against automatic systems so long as I can 
selectively turn them on and off at the package and general 
levels.  Ideally I'd like to be able to make a "test" suite that 
if it passes on an update the update is automatically accepted, 
but if it fails the update is backed out and I'm notified.  It 
should track what changes have been made, and have the ability 
to undo those changes at a latter date.  This means replaced, 
modified and or removed files, etc. must be saved so they can 
be restored.  I feel that this is an esential ingrediant to the 
sucess of the system.  This backups function must be done.  I can
see a local option that allows for disabling the backup function, 
but it should be on by default.

Another thing to think about is if the update can't figure out 
how to upgrade the system in a "safe" manner it should not do 
the upgrade, but instead spool it for administrator input.  As
an example, think of changing a configuration file.  If the 
admin has made local customizations then the upgrade system 
should not do the upgrade, but instead spool it for admin 

Here ends my input for now...

|  Bryan Andersen   |   bryan@visi.com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |

Reply to: