How often to update? Was - Re: PostgreSQL major version change to 8.1.0

Auke Kok sofar at foo-projects.org
Wed Nov 9 16:35:33 UTC 2005 

Duncan Gibson wrote:

> OK, dumb question time:
>
>how often should I - as a normal user, not a dev - update the moonbase?
>  
>


One of my teachers always said - there are no stupid questions, only 
stupid answers. Here's my stupid answer to this common and smart question:

There is no specific argument for or against any time frame, however 
there are some factors you might need to consider when picking an update 
interval: (contradicting information following)

 o  it's no use updating every hour - there are not enough updates for that

 o  if you are running a publically accessible machine on the big-bad 
internet, you might wish to keep certain packages more up-to-date than 
others, to reduce the risk of a 0-day exploit hitting you. Especially 
important are: apache, php, mysql, ssh, ssl, ftp. These are common 
services that get exploited a lot.

 o  0-day exploits are rare, you don't need to update those packages on 
the same day. Most exploits are based on vulnerabilities which are 
already disclosed and patched more than 2 months.

 o  if you enjoy recompiling your box and getting the latest versions, 
update daily - on average there are between 5 and 50 updates a day. On a 
weekly base this is about 30 to 100 - lots of fun recompiles to watch.

 o  if you have something useful to do, we understand that. You could 
update once a month to keep the list of updates short and run most of 
them overnight, and tie up the loose ends in the morning.

 o  if you can't be bothered, update every 3 months and spend a saturday 
doing the important stuff first, and then letting the rest of the 
updates finish manually.


I personally do all of these - I pick a strategy which fits the system, 
my time, etc. and try to stick with it. This means that I perform much 
more updates on some boxes than the others - and I sit down and take 
time to update that infrequently-updated box remotely. My desktops are 
mixed-strategy: Often I just want the latest version of X, but I can't 
be bothered with kernel updates: there's no real gain in updating to 
every kernel point release - it's just not worth it.

What's your strategy?

Auke

More information about the Lunar mailing list