On Sun, Apr 30, 2023 at 11:14 AM Mark London <mrl@psfc.mit.edu> wrote:
Because of my own personal horror stories of waking up to find high priority Linux servers broken, due to nightly automated updates, I now prevent automatic updates on my servers. I only do manual security updates, in addition to implementing modern security techniques for our network. That is just my personal belief system. It's worked for the past 25 years.
The only time we ever got hacked was because of some stupid PHP scripts that our developers had put online, or because people's passwords had been leaked. And some of those situations were nightmares also. Two of those cases happened while I was away on vacation, and I had to fix everything remotely. But that was never due to updates.
I probably shouldn't express my opinion. But I have a lot of empathy for the guy who discovered his Mailman broken due to an upgraded Python. Which triggered my nightmares.
But it's great though to have a very responsive community here, to bring people back from the dead. - Mark
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ LOL
IMHO, automated upgrades on any server are a bad thing! You have just seen that with Python. Imagine you were running PHP code and you automatically upgraded from PHP7 to PHP8! Chances are high that all your PHP applications will be broken in the process. You ALWAYS need to review all the software for compatibility (with your code & configs) before you do an upgrade. Such information will be clearly spelt out in the ChangeLog, which requires a human to read and decide.
Or maybe in 2023, ChatGPT can help with that? :-)
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]