Safe to patch security only?
by roffeboffe from LinuxQuestions.org on (#5ECK7)
Hi
I am managing 300+ Linux servers and use Ansible/AWX for patching. We are patching all servers monthly.
One division has had one or two bad experiences with patching everything. Particularly Postgres has broken (once or twice) and one time a new kernel broke their software. So they have asked us to apply security patches only.
I have the final say in this and I think it is wiser to patch everything every month and rather fix problems when (if) they happen. We are doing snapshots before patching and remove the snapshots 48 hours after patching.
What do you think is best? What are the possible implications of security-only patches?
If the security updates are sufficient to keep systems secure, I am willing to grant their wish.
Running CentOS and Ubuntu on the servers. We are in the process of migrating to Ubuntu/Debian only.

