Hi,
it's always interesting to observe and discuss the different update strategies (although not entirely on-topic)...
On Wed, 06 Aug 2008 11:25:59 -0500, Eric Rostetter <rostetter@mail.utexas.edu> wrote:
Quoting Charles Marcus <CMarcus@Media-Brokers.com>:
On 8/6/2008, Eric Rostetter (rostetter@mail.utexas.edu) wrote:
Anyone know about Dovecot 1.1.x rpms for Centos/RHEL 3.x?
I'd be more interested in upgrading the server to a reasonably
recent version of the distro...
Unfortunately, it isn't a redundant setup, so an upgrade is downtime.
I've thought about doing an on-line (e.g., yum) upgrade from 3 to 4, but I'm not sure 4 would qualify as "reasonably recent" and it would still require a reboot, but this is an option and would get me the new dovecot rpms at least...
Since there is no good way to do an on-line upgrade from CentOS/RHEL 3 to CentOS/RHEL 5, that isn't really an option at this time (too much downtime).
How can such an important system be a non-redundant setup? Hardware breakage (or a cracker, see below) would cause minutes or probably even hours of downtime...
I've also had machines that were hardware frozen at older OS versions... Though that is not the case in this instance (was for my print server I had to recently deal with).
This is one huge reason why I like gentoo so much.
It has nothing to do with gentoo, IMHO.
It has, in the way that there are no releases, no big jumps with lots of breakage and config file syntax changes... But I definitely wouldn't say Gentoo is a good distribution for systems that need to be highly available. (I'm using Gentoo myself on desktops and servers, but none of them run really critical stuff.)
As long as I update it regularly, I never have to worry about a
massive update that breaks everything.
Same can be said for most distros, but I can't afford the downtime of the constant upgrades which mean constant reboots... That is why people pick an "enterprise" solution like RHEL/CentOS, so they can have better uptime (with support) than non-enterprise systems...
"Enterprise system" - surely sounds professional and all ;) But not rebooting (during scheduled maintenance at a time of week/day where the fewest clients will be affected) for a new kernel that fixes a critical security issue definitely does not. IMHO.
I regularly have machines with 2 or 3 years of uptime before I need to reboot them for an upgrade (they are behind firewalls, in case you wonder how I get along on such old kernels).
Maybe you should upgrade your security knowledge along with your kernels ;) Many (if not most) attacks come from the inside (e.g. via trojans/viruses/rootkits on client (laptop) computers). Thus, the concept of something being "secure because behind firewalls" is at least partly obsolete.
Obviously, RHEL/CentOS 3.x will end of life, and I'll need to upgrade eventually because of that, but the more I can put it off, the better... But sometimes you just need to bite the bullet, and that day may be close at hand for this server...
Build it with redundancy this time. At least software-wise (for example using virtualisation), so that you have a test system on which you can "simulate" a pending update before you roll it out on the production system.
Patrick.
--
STAR Software (Shanghai) Co., Ltd. http://www.star-group.net/
Phone: +86 (21) 3462 7688 x 826 Fax: +86 (21) 3462 7779
PGP key: https://stshacom1.star-china.net/keys/patrick_nagel.asc
Fingerprint: E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005