> I've just installed Solaris 8 (2/02) on my Ultra 5 and was wondering if
> there is a reliable source for patches that need to be applied. Sun's site
> is somewhat confusing. There is the 8_Recommended patch cluster, then there
> is PatchPro which gives me a list for the recommended and Security patches
> that I should apply to my specific system, then there is patchdiag which I
> ran and it gave me a report of installed and uninstalled patches. Each of
> these tools list patches that are universal across each list but then each
> tool lists a number of patches that neither of the other does!
Patchdiag with the "-l" option will list patches for your OS
that can't be installed either due to missing dependencies
or the target package isn't installed.
Quote:> I would think that patchdiag is the most accurate since it takes into
> consideration which packages are installed on my system but the "Unlisted
> patches" sections of the report are confusing. Do I need to install these
> patches also?
Not really. Depends on your platform, the patch, etc. I prefer
to work off patchdiag's report though.
Quote:> Obviously I do not want to spend more time than I have to to patch my
> machine, but I want to be sure my system is up to par as best I can.
For a workstation/desktop the recommended patch cluster and
any security patches would suffice. You can install any extras
if you think they would be of benefit to you.
Quote:> Any ideas? How do other sys admins approach patches on newly installed
> machines or updates for that matter?
For important production machines? Labouriously. One at a time
on a test system with testing directed at the things the patch
fixes. This may include removing earlier versions of the patch
to manage space issues. Less labouriously for less critical
systems. A few patches at a time with a few corners cut to save
time when testing. Naturally, you don't want to devote too much
time to patching. Download the xref file on a regular basis
(monthly or fortnightly etc.), run patchdiag with the old xref
and redirect output to a file, plug in the new xref, run it
again and redirect to another file then diff the files and
decide if the patch changes are worthwhile chasing.
-am ? 2002