At the time I took over systems administration, our organization's patch strategy was, if it aint broke, don't try and fix it.
This failed miserably. We now do the following:
Quarterly releases when they come out(made necessary by Oracle support requirements).
Security patches, installed as often as twice a month, test systems first, two weeks later production.
Hardware Patches, we just recently go our old D class servers to sucessfully install HWE, our plan is to stay current quarterly.
If we have specific problems brought to light by q4 dump analysis or specific support issue, we follow the same plan as we do with security patches.
For example, this weekend is a patch maintenance weekend, I'm allowed to install on production systems. Two weeks ago, I upgraded sendmail in test. No it goes production. Test gets the new binaries next maintenance window. I've recently tested the CIFS patch, due to security bulliten, since it tests well, all systems will probably get it this weekend.
I rate our policy as sane, but agressive. In the past every time we back off circumstances force us to roll forward anyway.
SEP
OT: Prayers for the forces in Iraq. Condolences to the families. Prayers for peace and freedom for Iraq. Prayers for a just peace in the world.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
