Wayne Stallwood wrote:
If you are giving access to "ordinary" people to manage the updates why not just instead automate it so that the updates are applied on a fixed schedule without user intervention ?
Giving them some control is still advantageous. It means that they can run updates during other periods of downtime, or they can ring me and ask "is it safe to install xyz?".
The default option is to leave it that no updates get done at all, and in many ways "if it ain't broke..." is a good motto for these systems. But security updates are better installed than not.
Either way you have to deal with updates to say the kernel that won't become effective until after the next boot and either way you don't really have control of when the updates will be applied. In theory anything that may require reconfiguration will be held back unless you specify a dist-update rather than a regular one.
In theory I can enhance the web installer to handle a lot of this, although at this stage I don't really plan to. What I do plant to do is enable it on a server of my own and play with it over time to see if it proves to be a good idea.
You could even script it up to email an update report so in the event that the updating does break something you at least know it was that and not some other problem.
In general, it shouldn't be assumed that I will have access to the server once it leaves me. It may well be that this is only used (if at all) so that I have a way of talking someone through installing necessary updates over the phone. Therefore, emailed reports might be good (so I can initiate that conversation) but the end user will still need a way of installing updates, bearing in mind that the only access they'll have to the server is via a web server.
All that said, if properly locked down I might prefer to have this for some other servers I administer too. "apt-get upgrade" is fine if you trust all the updates it offers, but it is a little lacking in information and not a job I'd be prepared to delegate.
On top of all that, it just feels like a nice project to play with :-)