I'm still trying to get an idea about how best to handle patches on CentOS.

Say I want to apply security patches automatically on a nightly basis. But when the push from 4.2 to 4.3 comes around, I want to defer that for when I can do it manually.

Is that possible? (Preferably with yum, but I would use up2date if that were necessary.)

Also, I'm used to doing 'yum update'. I understand that 'yum upgrade' enables the obsoletion logic in yum, but practically speaking, when is it appropriate to use one or the other?

Thanks,
Steve
All of the 4.x line will update seamlessly with yum. There really is no effective difference between 4.1 or 4.2 except that an ISO image was made at the point where "4.2" was released. So, any/all of the 4.x line can be updated seamlessly to the latest release with yum without any special options.

I don't know about `yum upgrade`, I've never done that.

-Ben

On Sunday 29 January 2006 21:13, Steve Bergman wrote:
> I'm still trying to get an idea about how best to handle patches on
> CentOS.
>
> Say I want to apply security patches automatically on a nightly basis.
> But when the push from 4.2 to 4.3 comes around, I want to defer that for
> when I can do it manually.
>
> Is that possible? (Preferably with yum, but I would use up2date if that
> were necessary.)
>
> Also, I'm used to doing 'yum update'. I understand that 'yum upgrade'
> enables the obsoletion logic in yum, but practically speaking, when is
> it appropriate to use one or the other?
>
> Thanks,
> Steve

--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
Steve Bergman wrote:
> I'm still trying to get an idea about how best to handle patches on
> CentOS.
>
> Say I want to apply security patches automatically on a nightly basis.
> But when the push from 4.2 to 4.3 comes around, I want to defer that for
> when I can do it manually.

You might want to take a look at this: http://www.centos.org/modules/smartfaq/faq.php?faqid=34

It explains what the 4.x (and 3.x and 2.x) versions are. Essentially you are running CentOS-4; the point release number only indicates how updated your machine is.

> Also, I'm used to doing 'yum update'. I understand that 'yum upgrade'
> enables the obsoletion logic in yum, but practically speaking, when is
> it appropriate to use one or the other?

You should not ever need to run 'yum upgrade' on CentOS. Migrations via yum from CentOS2 to CentOS3 to CentOS4 are not supported and actively discouraged.

--
Karanbir Singh : http://www.karan.org/ : 2522219 at icq
On Sun, 29 Jan 2006, Steve Bergman wrote:
> Say I want to apply security patches automatically on a nightly basis.
> But when the push from 4.2 to 4.3 comes around, I want to defer that for
> when I can do it manually.
>
> Is that possible? (Preferably with yum, but I would use up2date if that
> were necessary.)
>

It is if you maintain an internal repository (which if you have a lot of machines is a good idea anyway). You mirror the centos update tree into one repository and copy them into your internal 'production ready' tree when you are ready. This allows you to set your boxes for automatic updates, but manage the volume of updates applied. With a little thought on the repo setups, you could even have separate repos for different machines or types of machines (yum follows symlinks just fine).

------------------------------------------------------------------------
Jim Wildman, CISSP, RHCE
jim at rossberry.com
http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine
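The staged-repository workflow described in the message above, as an added example that is not part of the original thread: a shell function that copies only approved packages from the mirror of the updates tree into the 'production ready' tree and rebuilds the yum metadata with createrepo. The directory arguments, the approval-list file and the CREATEREPO override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and the approval-list format
# (one RPM file name per line, '#' comments allowed) are assumptions.
#
# Usage: promote_updates MIRROR_DIR PROD_DIR APPROVED_LIST
# Copies approved packages from the mirrored updates tree into the
# production tree and prints the name of each package newly promoted.
# Nightly 'yum update' clients point only at PROD_DIR, with gpgcheck=1.
promote_updates() {
    mirror=$1; prod=$2; approved=$3
    tool=${CREATEREPO:-createrepo}   # override is an assumption, for dry runs
    [ -d "$mirror" ] && [ -f "$approved" ] || return 2
    mkdir -p "$prod" || return 2
    promoted=0
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;                       # blank line or comment
            */*|.*)  echo "skip (path not allowed): $name" >&2; continue ;;
            *.rpm)   ;;                                # plain package file name
            *)       echo "skip (not an rpm): $name" >&2; continue ;;
        esac
        src=$mirror/$name
        if [ ! -f "$src" ]; then
            echo "skip (not in mirror): $name" >&2
            continue
        fi
        # Already promoted and byte-identical: nothing to do.
        if [ -f "$prod/$name" ] && cmp -s "$src" "$prod/$name"; then
            continue
        fi
        cp -p "$src" "$prod/$name" || return 1
        echo "$name"
        promoted=$((promoted + 1))
    done < "$approved"
    # Rebuild repository metadata only when something changed.
    if [ "$promoted" -gt 0 ] && command -v "$tool" >/dev/null 2>&1; then
        "$tool" -q "$prod" >/dev/null || return 1
    fi
    return 0
}
```

Holding back a point release is then a matter of leaving its packages off the approval list until they have been tested; the machines keep running their nightly update against the production tree.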
Johnny Hughes wrote:
> On Mon, 2006-01-30 at 20:56 -0600, Steve Bergman wrote:
>> My original understanding was that only security patches get issued
>> between quarterly releases. But that then the distro gets updated
>> with bug fixes 2 to 4 times per year.
>>
>> I may be getting this all wrong, but I get the impression that there
>> are 3-4 month periods of quiescence punctuated by short periods (or
>> a day?) of significantly more intensive patching.
>>
>> Is that correct?
>>
>
> That is generally correct ... the upstream provider generally releases
> security patches between the update set releases. They generally
> release bugfix and enhancement updates during an update set (or as we
> call it a point release).
>
> They also generally release an update set at 3-4 month intervals.
>
> The update sets contain both security, bugfix, and enhancement updates
> though ... and normally many of the new enhancement and bugfix updates
> are required as dependencies for the security updates.
>
> All of these things are general though ... to see exactly what updates
> were released and when, look here (for the upstream EL4 product):
>
> You can see every update and the date it was released ... you can also
> see the update set dates of:
>
> Release = 2005-02-14
>
> update1 = 2005-06-09
>
> update2 = 2005-10-05
>
> (this is about 4 months between release sets)
>
> You can also see that there were:
>
> 27 day zero updates on 02-15-2005, 3 bugfix updates between release
> update1, 3 security updates as part of update1, 0 bugfix updates
> between update1 and update2, 11 security updates as part of update2, 5
> bugfix/enhancement updates between update2 and now.
>
> We at CentOS release the updates that are released upstream ... when
> they are released upstream ... we do so regardless of whether they are
> bugfix or security or enhancement updates ... because, they were
> released when they were for a reason :)
>
> Some other rebuild distros ONLY release security updates between
> update sets ... others release hardly any updates at all. We
> personally think the upstream provider is the absolute best
> enterprise distro in the world, and that they are smart enough to
> release the updates that they want when they want them released,
> therefore, we release the same packages too.

I found this interesting, an interview of the Red Hat CIO suggests there may be a change in the way Red Hat rolls its updates.

From http://cio.co.nz/cio.nsf/UNID/0358EF0F3EFF0584CC2570AA0073523A?OpenDocument

Johnny posted this in another thread.

"One customer told me that it's difficult to meet the SAS-70 auditing requirements, because Red Hat releases security updates and general patches together. Is your company addressing this?

It's true that when quarterly updates come out, security is done only for that update. So customers have to move to that update with us if they want to stay secure. What we're looking at now - and this wasn't necessitated until recently, now that we have over 1 million subscriptions out and 36,000 new customers in each of the last two quarters - is offering longer support for back releases. So some customers could stay on an old update release and still get the security patches."

Dean