On the question:
What about doing security updates automatically?
I don't know about the rest of you, but here is my opinion...
As a sysadmin, programmer, jack of to many trades I maintain a
number of systems under a number of different operating systems.
As such I have to keep track of bug fixes as well as security
updates, etc. I feel if one goes to making a security update
system, one should spend the time to make it more general and do
it for regular bug fixes as well as general package upgrades
too. I have nothing against automatic systems so long as I can
selectively turn them on and off at the package and general
levels. Ideally I'd like to be able to make a "test" suite that
if it passes on an update the update is automatically accepted,
but if it fails the update is backed out and I'm notified. It
should track what changes have been made, and have the ability
to undo those changes at a latter date. This means replaced,
modified and or removed files, etc. must be saved so they can
be restored. I feel that this is an esential ingrediant to the
sucess of the system. This backups function must be done. I can
see a local option that allows for disabling the backup function,
but it should be on by default.
Another thing to think about is if the update can't figure out
how to upgrade the system in a "safe" manner it should not do
the upgrade, but instead spool it for administrator input. As
an example, think of changing a configuration file. If the
admin has made local customizations then the upgrade system
should not do the upgrade, but instead spool it for admin
interaction.
Here ends my input for now...
--
| Bryan Andersen | [EMAIL PROTECTED] | http://www.nerdvest.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
