Rick Graves gravesricharde at yahoo.com
Tue Sep 7 22:39:43 UTC 2004


The chance that there will be a show-stopping glitch
in a security patch is extremely small.  But this is
still too big a risk for live servers in some

I did not think that a new box being completely up to
date was a huge problem.  As I understand it, the
concern is that a glitch in an update will bring down
a live server.  You are not taking this risk with a
new install.  After all, it is a new install, and if a
glitch stops it from running, you can troubleshoot the
problem before you go live.  

I have never maintained a mirror.

You wrote:

> What I'm proposing solves the same problem, but
> doesn't introduce these NEW problems.  Maintain a
> mirror that only folds in new packages after they've
> been available for N days.

How do you implement folding in new packages after N
days?  Do you manually track every new package that
comes out?   It seems to me the YUM option that I am
proposing would help you maintain your mirror with a
lot less manual, tedious stuff.  

You also wrote:

> You're talking like yours is the only possible

I disagree with you on that.

For the sake of analysis, let's agree that maintaining
your own mirror is the ultimate solution.  However, it
requires more hardware, and a lot more time and
effort, than the solution to the security patch
problem that I have proposed.  The reality out there
is that some administrators deal with the security
patch problem by never applying them.  (Try telling
them they must maintain their own mirror!)   I believe
the solution that I have proposed would be a best
compromise for many administrators.   


