On 2003-12-02 22:48:04 +0000 James Green jg@jmkg.net wrote:
Incidently, what are people's policies in terms of rolling out software upgrades on servers?
Generally, I test them nearby and then roll them out to remote sites fairly quickly if they don't break. Most of the debian machines track stable, so it's very rare that there's a problem. Kernels are a different matter. I upgrade them as soon as possible, but when I know there's some expert near enough for physical access in reasonable time.
I think changing network settings is the only other thing I treat differently. After Paul Russell's suggestion, I generally start a process that will restore the previous settings, timed for after the changes should be completed. If it works and I still have access, then it's cancelled again. Sometimes that's even a reboot. You really don't want a trip to a machine just because you downed/blocked the network interfaces.
This seems to be an underdocumented topic. I guess it's difficult to give good advice on this. You can find the security upgrade policies of some ISPs online and what you pick as a policy depends on your situation and priorities.