how often do you apply patches? and once a patch is available, do
you need to have them applied asap?
rpm/up2date has the rollback option (that i really don't use
but for me, evaluating the patches first on a clone of a
critical environment is the best practice to make sure
the updates won't break anything.
and since these are OS updates, i don't think the
backup/restore idea is the ideal solution.
but i do have a weekly fs dump of our OS partitions (using
LVM snapshots and dump command) just in case i
need to make reference to some files
in case i did something to mess up my system.
but for application of patches, that i do on a quarterly
basis, i never had the situation that calls for a rollback
because of application problems.