On Tue, 13 Dec 2011 15:35:37 +0700 Sthu Deus <sthu.d...@gmail.com> wrote:
> Good time of the day. > > > I have put to cron auto update of a system by aptitude. > > As parameters I set safe-upgrade and 'yes' to all questions - so that > packages might be installed itself in case of config. questions, etc. > > Now I think it will not be secure in case there is a problem w/ public > key of a maintainer - it probably will accept BAD key also. > > So, my question is, What is the proper way of at one hand to get > automation of upgrade process, at the other - to remain the upgraded > system safe?! > > > Thanks for Your time. > > The general rule of thumb is to automatically update only workstations and test servers, never production servers. There is no way that automation can know whether it is wise to apply a particular update immediately, to wait a while, or not do it at all in cases of serious error. While errors (in Stable, at least) are extremely rare, the cost to a production server could be enormous. My preference is to run a simulated update early in the morning and email the result to me. I decide later whether to carry out the update or not. I don't believe that is part of an admin's job that can or should be automated away. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111213094519.2f32b...@jretrading.com
