On Sep 18, 2013, at 3:15 AM, Listas de Correo wrote:
how do you handle upgrades?
I run Debian GNU/Linux on all my personal servers, and previously SuSE on thousands of machines at a previous work assignment.
For certain key softwares (such as OpenLDAP, MIT Kerberos etc, etc), I do my own packaging (both debs and rpms) on a separate, dedicated, build machine because I don't like having a build environment on [my] servers.
I take the latest version of the Debian GNU/Linux package (or rpm if the target is rpm based), modify it's packaging file(s) - which is usually debian/rules and debian/controls for debs - to suite my needs. One of the first thing I did was disable GnuTLS and instead link with OpenSSL (because of the reasons mentioned earlier). This I also had to do with both Kerberos and SASL (and a whole lot of other important softwares) if I remember correctly
So when I need to upgrade (which I haven't done in almost two years now), then it is easy to take that package, and simply remove the source, replace it with the new source within the package build directory, rebuild and install (i.e. upgrading) the new package...
Granted, I need to keep an eye out for any serious security issues myself, but it's not that big of a problem - being part of the relevant mailing list(s) and skim through the Subjects is usually sufficient...
Since I'm still using packages, I get all the benefits of upgrades, without much trouble.
The reason I haven't upgraded in such a long time is that the current version works just fine for my need. If, however, I can't get a 'new' feature I need to work, the very first thing I would need to do is to upgrade. Mostly because very few people, me included, have any real interest in supporting ancient software....