Jarry schreef: > Holly Bostick wrote: > > >> The Gentoo Handbook does *not* recommend you do these procedures >> *unattended*, the way you are doing them. > > > Well, gentoo says "...update your system regularly...". I thought it > means really regularly, not "when root finds some spare time to do > it". And things, which must be done on my server regularly, I usually > put into crontab...
Hmmm, interesting concept. What else does root have to do but administer the server? Why exactly does root, whose job is to run the server, have no time to schedule the actual running of the server, which includes: checking whether updates are available; checking whether updates are *appropriate*; making sure that available, appropriate updates don't interrupt the running of the server for which root is responsible? If it was a desktop system, I could understand. I hate to take time out from a good run of AisleRiot to do a glsa-check, myself (and why isn't *that* one of your cron jobs?). But a server is something else entirely. > > >> when something else breaks (because you updated a dependency but >> the > > > Personally, I prefer rather breaking some dependencies in my system, > over leaving some security hole in it. I am fully aware of the > possibility that some services might be unavailable, but logsentry > and monit will inform me about it... You would rather have your server not work than have a security hole in it. What difference does it make if there's a security hole if the server itself doesn't work? Not that I'm advocating security holes, but this just doesn't make sense (the security hole in X package can't be exploited if the program segfaults when you try to start it because its dependencies are broken). > > >> If you suddenly wake up to find that you have no disk space > > > Again, logsentry"a would inform me, I think. And 2x160GB is > plenty of space. BTW, no X/KDE/Gnome on my server... So you have time to fix the errors, but not time to prevent them before they occur? And of course, somehow you are going to be able to fix the errors without taking the server down, without any interruption to your users? I don't get it, but more power to you. > > >> Which you are not doing, and frankly, you're pretty lucky that >> something hasn't blown up up to now. > > > That might happen, sooner o later. But still I think it is still > better than leaving some hole for uninvited visitors. The invited vistors (ordinary users of the server) are on their own, apparently. Holly -- [email protected] mailing list
