CentOS - Nov 2016 - CentOS 6.3 packages updates options without upgrading.

Unfortunately, that's the constraint it seems hence, there's inquiry of
other options.  But, looks like, any el6 package should work as long as we
meet the dependencies?
Kindly thanks for many help.

On Tue, Nov 8, 2016 at 10:55 AM, John R Pierce <pierce at hogranch.com>
wrote:
> On 11/8/2016 6:27 AM, Dipal Bhatt wrote:
>
>> Thanks really Leon very much w/ a very resourceful info. esp release
notes
>> helps across minor versions.  So, this is for a friend of mine, and I
have
>> been told that they will not currently consider updating their userland
>> from 6.3 to 6.8 but only selected few packages.  The picture seems to
be
>> that their company runs a lot of apps on 6.3 userland and might have
some
>> specific dependencies, etc., but more importantly, this environment has
>> been running in customers' environment for quite some time esp
1000s of
>> customers, so updating system properly is not easily feasible for this
>> scenario.  However, they can hand pick packages seem fit for update
that
>> can be pushed out using their internal code fixes and updates for end
>> users. SO, this seems to be the problem of trying to hand pick certain
>> packages to be updated, if feasible w/o much adverse effects.
>>
>
> thats a whole lot of words that boil down to  nothing,    they won't
> update because they don't want to, and are too lazy ?
>
>
>
> --
> john r pierce, recycling bits in santa cruz
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

On 11/8/2016 9:28 AM, Dipal Bhatt wrote:
> Unfortunately, that's the constraint it seems hence, there's
inquiry of
> other options.  But, looks like, any el6 package should work as long as we
> meet the dependencies?
mixing current 6.8 packages with very old 6.3 packages and libraries is 
a recipe for problems.      these  combinations are simply untested.   
If you're willing to do such testing, go for it.   be sure to regression 
test all the corner cases of the specific packages.     One thing that 
would help significantly would be to uninstall all packages you don't 
actually need for these systems.     I always start with 'minimal', and 
install just the packages my application stack needs.  That is a 
standard policy of security benchmarks such as CIS [1].

how could someone deploy 1000s of computer systems in the field without 
a plan for regular security updates?!?    that would be somewhat 
analogous to buying a fleet of airplanes without any plan or provisions 
for scheduled maintenance.


[1] 
https://benchmarks.cisecurity.org/downloads/show-single/?file=centos6.201

-- 
john r pierce, recycling bits in santa cruz

On Tue, Nov 8, 2016 at 12:10 PM, John R Pierce <pierce at hogranch.com>
wrote:
> On 11/8/2016 9:28 AM, Dipal Bhatt wrote:
>
>> Unfortunately, that's the constraint it seems hence, there's
inquiry of
>> other options.  But, looks like, any el6 package should work as long as
we
>> meet the dependencies?
>>
>
> mixing current 6.8 packages with very old 6.3 packages and libraries is a
> recipe for problems.      these  combinations are simply untested.   If
> you're willing to do such testing, go for it.   be sure to regression
test
> all the corner cases of the specific packages.     One thing that would
> help significantly would be to uninstall all packages you don't
actually
> need for these systems.     I always start with 'minimal', and
install just
> the packages my application stack needs.  That is a standard policy of
> security benchmarks such as CIS [1].
>
> how could someone deploy 1000s of computer systems in the field without a
> plan for regular security updates?!?    that would be somewhat analogous to
> buying a fleet of airplanes without any plan or provisions for scheduled
> maintenance.
>
>
 Yes, will pass on these excellent suggestions to my friend, but agreed
with your analogy as well as concerns around security issues for such a
large deployment, it seems.  Thanks all.