Also, given the "boot environments" and live upgrade methods of OI and other Solaris derivatives, applying a patch is NOT dangerous.

Apply, reboot into new environment (overnight??), and if things seem to have problems, go back to the old environment. The only caution that seems reasonable is to not apply too many patches or updates at once: in the outlandish case of a patch problem, you want to be able to guess with some accuracy which part of the patches applied had the problem. Doing the proper snapshots of non-BE datasets is of course required before rebooting into a "test" environment.


On 2013-04-07 13:47, Edward Ned Harvey (openindiana) wrote:
From: Ben Taylor [mailto:bentaylor.sol...@gmail.com]

Patching is a bit of arcane art.  Some environments don't have
test/acceptance/pre-prod with similar hardware and configurations, so
minimizing impact is understandable, which means patching only what is
necessary.

This thread has long since become pointless and fizzled, but just for the fun
of it:

I recently started a new job, where updates had not been applied to any of the 
production servers in several years.  (By decree of former CIO).  We recently 
ran into an obstacle where some huge critical deliverable was not possible 
without applying the updates.  So we were forced, the whole IT team working 
overnight on the weekend, to apply several years' backlog of patches to all the 
critical servers worldwide.  Guess how many patch-related issues were 
discovered.  (Hint:  none.)

Patching is extremely safe.  But let's look at the flip side.  Suppose you 
encounter the rare situation where patching *does* cause a problem.  It's been 
known to happen; heck, it's been known to happen *by* *me*.  You have to ask 
yourself, which is the larger risk?  Applying the patches, or not applying the 
patches?

First thing to point out:  Suppose you patch something and it goes wrong ...  
Generally speaking you can back out of the patch.  Suppose you don't apply the 
patch, and you get a virus or hacked, or some data corruption.  Generally 
speaking, that is not reversible.

For the approx twice in my life that I've seen OS patches cause problems, and 
then had to reverse out the patches...  I've seen dozens of times that somebody 
inadvertently sets a virus loose on the internal network, or a server's memory 
or storage became corrupted due to misbehaving processes or subsystem, or some 
server has some kind of instability and needs periodic rebooting, or becomes 
incompatible with the current release of some critical software or hardware, 
until you apply the patches.

Patches are "bug fixes" and "security fixes" for known flaws in the software.  You can't say 
"if it ain't broke, don't fix it."  It is broke, that's why they gave you the fix for it.  At best, you can 
say, "I've been ignoring it, and we haven't noticed any problems yet."


_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

