[Ma-linux] Centos Up2Date - Best Practices
Przemek Klosowski
przemek at jazz.ncnr.nist.gov
Fri Jan 4 17:28:12 EST 2008
My last effort at 'close my eyes' and 'up2date the complete Centos system'
produced some scary results and knocked out my Apache server for several
days. As a similar process - using MS-Redmond aggregate OS patches have a
way of clobbering the system.
If this is not an extreme outlier, I think this is a major issue with
Centos. I tend to stay with Fedora or RHEL, and they have never failed
me yet in the way that you describe. NB, if I had a situation like this
I would have listed the packages that were installed in the last update:
    rpm -qa --queryformat "%{installtime} %{name}\n" | sort -n
and tried to revert them, starting with the most likely culprits. It's
messy and fallible, because package installation could have changed
things irreversibly. Can anyone think of a better way?
So what's a SysAdmin to do? I don't expect to read 50+ bulletins software
upgrades. The blindfold, just hit the update button, doesn't work so good
either.
In my opinion, if you need to keep reading advisories to avoid getting
killed, you've lost; I know it's an extreme position, but I think I
have a point. By the way, since Centos starts out as a RHEL clone,
the only difference is support, which to large degree is how much
effort they put in managing the update process---that's where the
labor goes, and that's why you pay the bucks for RHEL support.
So how come Fedora's doing as well as it does? Well, I think it is
the Open Source magic: many eyeballs, and all that.
Bottom line, how often do SysAdmins go in for system utility/OS updates?
If you don't have 2 servers to stage this on, what alternatives can be used?
A reasonable alternative is - 'if it's not broke, don't fix it'.
I think Marcus Ranum argues for this style: you lock things up, delete
everything that you don't need, and never touch it again. Nobody ever broke
into a MacOS 7 box running httpd :)
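
Added example (not part of the original post): a shell helper that takes the output of the rpm query quoted above and isolates the packages installed in the most recent update run, which are the candidates to review or revert first. The function names, the sample listing and the 600-second grouping window are assumptions made for illustration.

```shell
#!/bin/sh
# last_update_batch: read "<installtime> <name>" lines (the format produced by
# the rpm query in the post) on stdin and print the lines that belong to the
# most recent update run, oldest first.
# Assumption: installs no more than GAP seconds apart belong to the same run.
last_update_batch() {
    gap="${1:-600}"
    sort -n | awk -v gap="$gap" '
        NF >= 2 {
            # A pause longer than gap starts a new batch; forget the old one.
            if (n > 0 && $1 - prev > gap) n = 0
            batch[++n] = $1 " " $2
            prev = $1
        }
        END { for (i = 1; i <= n; i++) print batch[i] }
    '
}

# Constructed sample listing (not real data from the post), deliberately unsorted.
sample_rpm_listing() {
    cat <<'EOF'
1199300000 httpd
1190000000 glibc
1199300042 mod_ssl
1190000075 bash
1199300110 openssl
1195000000 vim-common
EOF
}

# Demo on the constructed sample. On a live system, feed it the real query:
#   rpm -qa --queryformat "%{installtime} %{name}\n" | last_update_batch
sample_rpm_listing | last_update_batch
```

A larger first argument widens the window for slow update runs. The batch that comes out is a review list only; as the post notes, reverting packages can still leave changes behind.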