On Red Hat/CentOS systems, have a look at the Yum "Changelog" plugin (the "yum-plugin-changelog" or "yum-changelog" package).
See “man yum-changelog”.
This lets you see what has changed in a package between the version that is already installed and the latest available version.
Go to a system, and run “yum update --changelog”.
Or, for a narrower view, try: “yum update kernel --changelog”.
We should use this when we patch, to understand what is changing and to scope potential impact, rather than to simply “patch and pray”. Alone it is not enough (release notes should also be reviewed where available), but it is a good start and may help in flagging potential problems.
In particular, we should look at this on critical infrastructure servers, especially those that get their software from external repositories, where the software changes may be more impactful than in standard Red Hat/CentOS packages (which generally remain on the same version, with only back-ported bug and security fixes).
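One way to turn that review into a quick triage pass, as an added example that is not part of the original post: the function below summarises changelog output per package and marks packages whose entries look like a version rebase rather than a back-ported fix. The package names, the sample text and the keyword list are constructed for illustration, and the "ChangeLog for:" header followed by RPM-style "* " and "- " lines is the output layout assumed here.

```shell
#!/bin/sh
# Added example: per-package triage of "yum update --changelog" output.
# Assumed layout: a "ChangeLog for: <package>" header, then RPM-style
# "* <date> <author> - <version>" lines, each followed by "- <item>" lines.
# The keyword patterns are heuristics chosen for this example.

triage_changelog() {
    awk '
    function report() {
        if (pkg != "") {
            verdict = (rebase > 0) ? "REVIEW" : "ok"
            printf "%s entries=%d cve=%d rebase=%d %s\n", pkg, entries, cve, rebase, verdict
        }
    }
    /^ChangeLog for: / {              # start of a new package group
        report()
        pkg = $0; sub(/^ChangeLog for: */, "", pkg)
        entries = 0; cve = 0; rebase = 0
        next
    }
    pkg == "" { next }                # preamble before the first group
    /^\* / { entries++; next }        # one changelog entry header
    {
        line = tolower($0)
        if (line ~ /cve-[0-9]+-[0-9]+/) cve++
        # A rebase is more likely to change behaviour than a back-ported fix
        if (line ~ /rebase|new upstream|update to |upgrade to /) rebase++
    }
    END { report() }
    '
}

# Constructed sample input (hypothetical packages and placeholder CVE ids)
sample_changelog() {
    cat <<'EOF'
Changes in packages about to be updated:

ChangeLog for: examplelib-1.0.0-2.example.x86_64
* Tue Mar  1 12:00:00 2016 Example Packager <pkg@example.com> - 1.0.0-2
- fix CVE-0000-0001 - constructed placeholder entry
- fix CVE-0000-0002 - constructed placeholder entry

ChangeLog for: exampled-2.0.0-1.example.x86_64
* Wed Mar  2 12:00:00 2016 Example Packager <pkg@example.com> - 2.0.0-1
- Rebase to new upstream release 2.0.0
- Configuration file format changed
EOF
}

sample_changelog | triage_changelog
```

On a real system, feed the function the saved output of the “yum update --changelog” command instead of the sample; a REVIEW line only says where to read the changelog and release notes first.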