
On Fri, 14 Sep 2012, "Trent W. Buck" <trentbuck@gmail.com> wrote:
My rule of thumb (for production gear) is: unless it fixes a bug YOU care about, or adds a feature YOU need, leave it the hell alone. Because new code = new bugs.
If the people who maintain your distribution do a good job then it's really not that bad. When a new kernel version comes out I generally upgrade all DomUs that have direct user access (all web servers etc) immediately. It's not too hard to upgrade them and the risk is too great to do otherwise.

For servers that are less convenient to reboot I will read the kernel package changelog and see if there's something that sounds important - for example I'll reboot my database servers if there's a risk of filesystem corruption...

I don't generally install a new kernel on a Dom0 because if a user gets any opportunity to exploit a bug there then I've got bigger problems.

For packages that aren't really mission critical I install all updates as a matter of routine. Presumably when Debian pushes an update for OpenOffice or something they have a good reason for doing so and the potential consequences of the upgrade not working generally aren't that bad.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/