[ale] How often do you patch?

Michael H. Warfield mhw at WittsEnd.com
Thu Mar 12 11:25:51 EDT 2015


[nit]

Please don't start another thread (Subject) by replying to an existing
thread (thread hijacking).  Some of us use threading readers that show
this as a reply to: "Subject: Re: [ale] Weird problem with wifi adapter".

[/nit]

On Wed, 2015-03-11 at 16:35 -0400, DJ-Pfulio wrote:
> How often do you patch?

> When do you NOT patch? Why not?

> Please differentiate between business and home choices.

Home:

As often as I get around to it.  I have a large number of machines
(virtual and hard iron) and a grand round of patching can take the
better part of a day.  Still, at least once a month, if not once a week
as a side thought.

Business / Organizationally:

Staged and incremental (and this relates to my home updates) and depends
on services and machine nature and update nature.  My frequent "home" or
non-production updates provide me with experience with the updates in
the pipe, so I'm rarely surprised.  Production and critical path
machines only get updated after stage, test, and development machines
are updated and confirmed working.  Security updates take priority and
test machines are updated immediately to test for any regression issues.
Once passed, updates are moved progressively into more critical machines
with backups in place in case a regression appears.

In the past, I've had regression problems with databases, DNS, and BGP
services.  Those systems get looked at closely and I keep multiple
redundant systems to protect against failure.

Example...

DNS servers...  Update one slave authoritative server first and confirm
full functionality.  Then propagate to other slaves.  Then test updates
on master server, with backups to fall back to.

On the database front, PostgreSQL has been problematical in major
release upgrades (you need to back up the database and then restore it)
but the transition from MySQL to MariaDB has been a bit annoying in some
cases (mostly in dependency issues).  Have to pay attention to database
engines.

Most updates are timed for minimal disruption (time of day, day of
week).

Some are situational...

Currently, I'm responsible for a domain hosted at DreamHost with
multiple web sites.  Some of them run Joomla!.  Joomla! just recently
updated from 3.3.6 to 3.4.0.  So, I get notices of the update.  I read
the release notes and there are some caveats about drivers and PHP
issues.  DreamHost is only supporting 3.3.6.  So that update waits
on-hold until DreamHost updates their support and I know these
infrastructure caveats have been cleared.

Soo...  Bottom line - It's a big "it depends".

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
