Hi, it's always interesting to observe and discuss the different update strategies (although not entirely on-topic)...

On Wed, 06 Aug 2008 11:25:59 -0500, Eric Rostetter <[EMAIL PROTECTED]> wrote:
> Quoting Charles Marcus <[EMAIL PROTECTED]>:
>> On 8/6/2008, Eric Rostetter ([EMAIL PROTECTED]) wrote:
>>> Anyone know about Dovecot 1.1.x rpms for Centos/RHEL 3.x?
>>
>> I'd be more interested in upgrading the server to a reasonably
>> recent version of the distro...
>
> Unfortunately, it isn't a redundant setup, so an upgrade is downtime.
>
> I've thought about doing an on-line (e.g., yum) upgrade from 3 to 4,
> but I'm not sure 4 would qualify as "reasonably recent" and it would
> still require a reboot, but this is an option and would get me the
> new dovecot rpms at least...
>
> Since there is no good way to do an on-line upgrade from CentOS/RHEL 3
> to CentOS/RHEL 5, that isn't really an option at this time (too much
> downtime).

How can such an important system be a non-redundant setup? Hardware breakage (or a cracker, see below) would cause minutes or probably even hours of downtime...

> I've also had machines that were hardware frozen at older OS versions...
> Though that is not the case in this instance (was for my print server
> I had to recently deal with).
>
>> This is one huge reason why I like gentoo so much.
>
> It has nothing to do with gentoo, IMHO.

It has, in the way that there are no releases, no big jumps with lots of breakage and config file syntax changes... But I definitely wouldn't say Gentoo is a good distribution for systems that need to be highly available. (I'm using Gentoo myself on desktops and servers, but none of them run really critical stuff).

>> As long as I update it regularly, I never have to worry about a
>> massive update that breaks everything.
>
> Same can be said for most distros, but I can't afford the downtime of
> the constant upgrades which mean constant reboots... That is why
> people pick an "enterprise" solution like RHEL/CentOS, so they can have
> better uptime (with support) than non-enterprise systems...

"Enterprise system" - surely sounds professional and all ;) But not rebooting (during scheduled maintenance at a time of week/day where the least clients will be affected) for a new kernel that fixes a critical security issue definitely does not. IMHO.

> I regularly have machines with 2 or 3 years of uptime before I need
> to reboot them for an upgrade (they are behind firewalls, in case
> you wonder how I get along on such old kernels).

Maybe you should upgrade your security knowledge along with your kernels ;) Many (if not most) attacks come from the inside (e.g. via trojans/viruses/rootkits on client (laptop) computers). Thus, the concept of something being "secure because behind firewalls" is at least partly obsolete.

> Obviously, RHEL/CentOS 3.x will end of life, and I'll need to upgrade
> eventually because of that, but the more I can put it off, the better...
> But sometimes you just need to bite the bullet, and that day may be close
> at hand for this server...

Build it with redundancy this time. At least software-wise (for example using virtualisation), so that you have a test system on which you can "simulate" a pending update before you roll it out on the production system.

Patrick.

--
STAR Software (Shanghai) Co., Ltd.
http://www.star-group.net/
Phone: +86 (21) 3462 7688 x 826
Fax: +86 (21) 3462 7779
PGP key: https://stshacom1.star-china.net/keys/patrick_nagel.asc
Fingerprint: E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005