[OpenIndiana-discuss] 3737 days of uptime

Hans J. Albertsson hans.j.albertsson at branneriet.se
Sun Apr 7 12:16:19 UTC 2013


Also, given the "boot environments" and live upgrade methods of OI and 
other Solaris derivatives, applying a patch is NOT dangerous.

Apply, reboot into new environment (overnight??), and if things seem to 
have problems, go back to the old environment.
The only caution that seems reasonable is to not apply too many patches 
or updates at once: in the outlandish case of a patch problem, you want 
to be able to guess with some accuracy which part of the patches applied 
had the problem.
Doing the proper snapshots of non-BE datasets is of course required 
before rebooting into a "test" environment.


On 2013-04-07 13:47, Edward Ned Harvey (openindiana) wrote:
>> From: Ben Taylor [mailto:bentaylor.solx86 at gmail.com]
>>
>> Patching is a bit of arcane art.  Some environments don't have
>> test/acceptance/pre-prod with similar hardware and configurations, so
>> minimizing impact is understandable, which means patching only what is
>> necessary.
> This thread has long since become pointless and fizzled, but just for the fun of it:
>
> I recently started a new job, where updates had not been applied to any of the production servers in several years.  (By decree of former CIO).  We recently ran into an obstacle where some huge critical deliverable was not possible without applying the updates.  So we were forced, the whole IT team working overnight on the weekend, to apply several years' backlog of patches to all the critical servers worldwide.  Guess how many patch-related issues were discovered.  (Hint:  none.)
>
> Patching is extremely safe.  But let's look at the flip side.  Suppose you encounter the rare situation where patching *does* cause a problem.  It's been known to happen; heck, it's been known to happen *by* *me*.  You have to ask yourself, which is the larger risk?  Applying the patches, or not applying the patches?
>
> First thing to point out:  Suppose you patch something and it goes wrong ...  Generally speaking you can back out of the patch.  Suppose you don't apply the patch, and you get a virus or hacked, or some data corruption.  Generally speaking, that is not reversible.
>
> For the approx twice in my life that I've seen OS patches cause problems, and then had to reverse out the patches...  I've seen dozens of times that somebody inadvertently sets a virus loose on the internal network, or a server's memory or storage became corrupted due to misbehaving processes or subsystem, or some server has some kind of instability and needs periodic rebooting, or becomes incompatible with the current release of some critical software or hardware, until you apply the patches.
>
> Patches are "bug fixes" and "security fixes" for known flaws in the software.  You can't say "if it ain't broke, don't fix it."  It is broke, that's why they gave you the fix for it.  At best, you can say, "I've been ignoring it, and we haven't noticed any problems yet."
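
The boot-environment workflow described at the top of this message, sketched as an added example that is not part of the original thread. The dataset names, the BE names and the `DRY_RUN` wrapper are assumptions for illustration; with `DRY_RUN=1` (the default) each command is printed instead of executed.

```shell
#!/bin/sh
# Added example: patch into a new boot environment (BE) and keep a way back.
# DRY_RUN=1 (default) prints the commands; set DRY_RUN=0 on a real OI host.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Datasets outside the BE are not reverted by booting the old BE,
# so snapshot them before rebooting into the patched environment.
snapshot_non_be() {
    tag=$1; shift
    for ds in "$@"; do
        run zfs snapshot -r "${ds}@${tag}"
    done
}

# Install updates into a new, named BE; the running BE is left untouched.
patch_into_new_be() {
    run pkg update --require-new-be --be-name "$1"
}

# Go back: make the old BE the default again and reboot into it.
rollback_to() {
    run beadm activate "$1"
    run init 6
}

# Full cycle: snapshot, patch into a new BE, show the BE list, reboot.
# Usage: patch_cycle <stamp> <non-BE dataset>...
patch_cycle() {
    stamp=$1; shift
    snapshot_non_be "pre-patch-$stamp" "$@"
    patch_into_new_be "patch-$stamp"
    run beadm list
    run init 6
}

# Print the plan for a constructed example (dry run only).
if [ "$DRY_RUN" = 1 ]; then
    patch_cycle 20130407 rpool/export/home
fi
```

If the patched environment misbehaves, `rollback_to <old BE name>` returns the system to the previous BE; the pre-patch snapshots cover the data that lives outside it.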
