Linux wrote:
People who prepare and maintain a distro have (and should have) many
concerns in mind. Security is one of them and integrity is another.
But in this situation, integrity is simply ignored (on the behalf of
GFS situation because I backed down from my XFS related complains)
Disabling kernel upgrades simply solves the situation but raises some
other questions about "What else can be broken with security
apprehensions?"
I do not know which one to choose:
- Absolutely not-working server because of missing updates
- Maybe will be attacked server because of missing security updates.
specific to GFS... GFS is a clustered file system. You do NOT run
automatic updates willy-nilly on a production cluster, there's just far
too many ways it can go bad. You test them on a staging environment
before approving their deployment, then you have to have a specific
process for applying the patches to the cluster, and if they are major
patches, this usually involves bringing the cluster down, applying the
tested and approved patches to all cluster members, then bringing the
cluster back up one node at a time, then going back live for
production. If the patches are minor, you may be able to do a
rolling upgrade, where you bring down one cluster member, patch it, put
it back online, then bring down the next, etc... The cluster
administrator have to determine the appropriate maintenance process,
then follow it religiously.
btw, what is WITH all these lame gmail addresses? linuxlist ?
centoslist ?? Do I call you Mr Linux, or Mr List ?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
