Re: aptitude autoupdating.

To: debian-user@lists.debian.org
Subject: Re: aptitude autoupdating.
From: Joe <joe@jretrading.com>
Date: Tue, 13 Dec 2011 09:45:19 +0000
Message-id: <[🔎] 20111213094519.2f32b9bd@jretrading.com>
Reply-to: joe@jretrading.com
In-reply-to: <[🔎] 4ee70e5d.c820cc0a.6199.fffffc5f@mx.google.com>
References: <[🔎] 4ee70e5d.c820cc0a.6199.fffffc5f@mx.google.com>

On Tue, 13 Dec 2011 15:35:37 +0700
Sthu Deus <sthu.deus@gmail.com> wrote:

> Good time of the day.
> 
> 
> I have put to cron auto update of a system by aptitude.
> 
> As parameters I set safe-upgrade and 'yes' to all questions - so that
> packages might be installed itself in case of config. questions, etc.
> 
> Now I think it will not be secure in case there is a problem w/ public
> key of a maintainer - it probably will accept BAD key also.
> 
> So, my question is, What is the proper way of at one hand to get
> automation of upgrade process, at the other - to remain the upgraded
> system safe?!
> 
> 
> Thanks for Your time.
> 
> 

The general rule of thumb is to automatically update only workstations
and test servers, never production servers.

There is no way that automation can know whether it is wise to apply a
particular update immediately, to wait a while, or not do it at all in
cases of serious error. While errors (in Stable, at least) are extremely
rare, the cost to a production server could be enormous.

My preference is to run a simulated update early in the morning and
email the result to me. I decide later whether to carry out the
update or not. I don't believe that is part of an admin's job that can
or should be automated away.

-- 
Joe

Reply to:

Follow-Ups:
- Re: aptitude autoupdating.
  - From: Sthu Deus <sthu.deus@gmail.com>

References:
- aptitude autoupdating.
  - From: Sthu Deus <sthu.deus@gmail.com>

Prev by Date: Re: To detect proccess sending netpackets.
Next by Date: clipit copy-paste problem.
Previous by thread: aptitude autoupdating.
Next by thread: Re: aptitude autoupdating.
Index(es):
- Date
- Thread