On 11/7/05, Jarry <[EMAIL PROTECTED]> wrote:
> Personally, I prefer rather breaking some dependencies in my system,
> over leaving some security hole in it. I am fully aware of the
> possibility that some services might be unavailable, but logsentry
> and monit will inform me about it...

Is your server a production server? Tell me how log entries are gonna inform you if the init scripts can't even start the service?

Maintaining servers includes maintaining *usability* as well as security. Some of the updates aren't security updates, they are merely feature additions, and might in fact introduce more security issues. Furthermore, if you can't even maintain usability of the system, I don't see how or why you need to keep it secure, that system won't work anyways.

Let me just give you one more example: An upgrade to the PAM library might require you to restart sshd, otherwise new connections may not auth. That information will be printed on the screen after the new PAM library is merged. However that will not appear in the emerge.log. Tell me how you are gonna know that you should restart your sshd if that upgrade was carried out by a cron job? To make things worse, just imagine that system is a remote system, and is maintained through ssh.

Pfff. Anyway, good luck with being an admin.

-- Joe

--
There are 3 kinds of people in the world: Those who can count, and those who can't.

--
gentoo-user@gentoo.org mailing list
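
Added example, not part of the original message: one way to find out after an unattended upgrade which running daemons still need a restart is to look for processes that still map a library file that has since been replaced, which Linux marks with a " (deleted)" suffix in /proc/<pid>/maps. It assumes the upgrade replaced the file rather than overwriting it in place; the sample maps content, library versions and function names are constructed for illustration.

```python
import os
import re

# Constructed sample of /proc/<pid>/maps content (not from a real host).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0ac0000 r-xp 00000000 08:01 131234 /usr/sbin/sshd
7f3a1c000000-7f3a1c00e000 r-xp 00000000 08:01 132001 /lib/libpam.so.0.78 (deleted)
7f3a1c20e000-7f3a1c20f000 rw-p 0000e000 08:01 132001 /lib/libpam.so.0.78 (deleted)
7f3a1c400000-7f3a1c5b0000 r-xp 00000000 08:01 130500 /lib/libc-2.3.5.so
7f3a1c800000-7f3a1c821000 rw-p 00000000 00:00 0 [heap]
7f3a1ca00000-7f3a1ca01000 rwxs 00000000 00:05 4242 /memfd:jit (deleted)
"""

# maps line layout: address perms offset dev inode pathname
_MAPS_RE = re.compile(r"^\S+\s+(\S{4})\s+\S+\s+\S+\s+\d+\s+(/.*)$")
_SKIP = ("/memfd:", "/dev/", "/SYSV")  # anonymous/shared memory, never a library
_DELETED = " (deleted)"

def stale_libraries(maps_text):
    """Return sorted paths of executable mappings whose backing file is gone."""
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_RE.match(line)
        if not m:
            continue  # anonymous mapping, [heap], [stack], ...
        perms, path = m.groups()
        if path.startswith(_SKIP) or "x" not in perms:
            continue
        if path.endswith(_DELETED):
            stale.add(path[:-len(_DELETED)])
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map 'pid (comm)' to its stale libraries for every readable process."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "maps")) as fh:
                stale = stale_libraries(fh.read())
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                name = fh.read().strip()
        except OSError:  # process exited meanwhile, or permission denied
            continue
        if stale:
            report[f"{pid} ({name})"] = stale
    return report

if __name__ == "__main__":
    for proc, libs in sorted(scan_proc().items()):
        print(proc, "still maps replaced files:", ", ".join(libs))
```

Run as root from the same cron job that performs the upgrade and mail the output, so the restart hint does not depend on anyone watching the terminal.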