One question
If you are giving access to "ordinary" people to manage the updates why not just instead automate it so that the updates are applied on a fixed schedule without user intervention ?
Either way you have to deal with updates to say the kernel that won't become effective until after the next boot and either way you don't really have control of when the updates will be applied. In theory anything that may require reconfiguration will be held back unless you specify a dist-update rather than a regular one.
You could even script it up to email an update report so in the event that the updating does break something you at least know it was that and not some other problem.
On Wed, 2008-01-16 at 17:16 +0000, Mark Rogers wrote:
Jonathan McDowell wrote:
apt-get --print-uris -y -qq upgrade
Great! Thanks.
I can get the change notes via: aptitude changelog <pkgname> .. for each package, and then presumably just need to "apt-get install" the selected packages. So that's the theory covered...
NB: Since this is primarily for use on internal servers (ie not Internet facing) I plan on using the sudoers file to grant the web user (www-data) passwordless access to apt-get/aptitude. Can anyone give me reasons why that is a bad idea and/or suggest how else to do this?