LinuxQuestions.org


abefroman 11-18-2009 10:47 PM

How often do you upgrade your kernel?

Stéphane Ascoët 11-19-2009 12:47 AM

Almost never...
 
The one that is in my head: never...
My Linux ones: Only when I'm forced to do it (newer kernel needed by new software).

DragonSlayer48DX 11-19-2009 04:19 AM

Every three years, when I upgrade my distro.

unixfool 11-19-2009 10:39 AM

Quote:

Originally Posted by Stéphane Ascoët (Post 3762263)
The one that is in my head: never...
My Linux ones: Only when I'm forced to do it (newer kernel needed by new software).

Agreed. There have been times where I've waited 2+ years and mitigated the risk (and things were fine). This is for a server that I treat as a production machine, though it's for my own use and isn't business-affiliated. For a network that is exclusively Linux though (or close to it), I'd probably have a more frequent upgrade plan.

H_TeXMeX_H 11-19-2009 01:43 PM

Quote:

Originally Posted by dragonslayer48dx (Post 3762429)
Every three years, when I upgrade my distro.

Around that. Sometimes I may have a reason to upgrade sooner, but it's rare.

mostlyharmless 11-19-2009 02:06 PM

Agree with the above; unfortunately, there aren't any options for that in your poll.

AlucardZero 11-19-2009 02:43 PM

If there's a security update, I'll install it but not reboot until I have another reason for it.

i92guboj 12-01-2009 11:00 AM

The only correct answer for a machine that's connected to the net is "each time there's a new stable release". Unfortunately there's no such option in the poll; I will vote "more than once a month" because that's roughly every two weeks, I think.

GrapefruiTgirl 12-01-2009 11:13 AM

I'm pretty much with Jesús above -- I follow the patches on kernel.org, and when one either is security related, or fixes or improves something related to my hardware (or in the case of major (?) version increases like from 2.6.30 -> 2.6.31), I generally patch up to that release and rebuild. Sometimes this means rebuilding more than once per month, and sometimes less often. I voted for option 4.

Sasha

anomie 12-01-2009 12:22 PM

Believe it or not, due to office change control procedures and/or politics, it's not always possible to perform frequent kernel upgrades. It's easy to take a hard line on this (which I agree with, BTW), but when the boss man refuses and you have a mortgage to pay, you'll likely adhere to the formal policy.

I voted "once a year". That's what it realistically is on certain production systems.

unSpawn 12-01-2009 02:23 PM

Indeed business agreements dictate different upgrade routines but for a net-facing SOHO machine to only receive updates on a yearly basis or more just does not seem right IMHO. For me personally it's within 24 hours of time of update for (almost all) machines.

abefroman 12-01-2009 02:35 PM

Quote:

Originally Posted by unSpawn (Post 3776041)
Indeed business agreements dictate different upgrade routines but for a net-facing SOHO machine to only receive updates on a yearly basis or more just does not seem right IMHO. For me personally it's within 24 hours of time of update for (almost all) machines.

Since there is at least one local level privilege escalation exploit a year, that is a pretty bad move to do it only once a year or less.

I've been using fanout to run a yum update and then reboot multiple servers at once.

Then I have fanout run uname to make sure the kernel upgrade took effect. Sometimes I have to change grub, or yum has a dependency problem that needs fixing.
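The post-update check described above (does `uname -r` match the kernel that yum installed?) can be scripted so that a host still running an old kernel is flagged. This is an added example, not part of any post in the thread; it assumes an RPM-based host with the stock `kernel` package, and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Compare the running kernel with the most recently installed kernel RPM.
# Uses `rpm -q --last kernel`, which lists packages newest-install first,
# so no version-string comparison is needed.

# Constructed sample of `rpm -q --last kernel` output (not from a real host).
RPM_SAMPLE='kernel-2.6.18-164.6.1.el5                     Tue 17 Nov 2009 09:12:44 AM EST
kernel-2.6.18-164.el5                         Mon 05 Oct 2009 03:20:11 PM EDT'

# Read an `rpm -q --last kernel` listing on stdin and print the
# version-release of the newest entry (first line, "kernel-" stripped).
newest_installed() {
    awk 'NR == 1 { sub(/^kernel-/, "", $1); print $1 }'
}

# $1 = output of `uname -r`, $2 = output of `rpm -q --last kernel`
# Prints: current | reboot-pending | unknown
kernel_state() {
    ks_running=$1
    ks_newest=$(printf '%s\n' "$2" | newest_installed)
    if [ -z "$ks_newest" ]; then
        # Empty listing: rpm query failed or no kernel package found.
        echo unknown
    elif [ "$ks_running" = "$ks_newest" ]; then
        echo current
    else
        # Update was installed but the old kernel is still running
        # (no reboot yet, or the bootloader default was not changed).
        echo reboot-pending
    fi
}

# Demo on the constructed sample.
echo "old kernel still booted: $(kernel_state '2.6.18-164.el5' "$RPM_SAMPLE")"
echo "after reboot:            $(kernel_state '2.6.18-164.6.1.el5' "$RPM_SAMPLE")"

# On a live host the same check would be:
#   kernel_state "$(uname -r)" "$(rpm -q --last kernel)"
```

A `reboot-pending` result after a reboot points at the bootloader default rather than at yum, which is the case the post mentions having to fix by hand.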

i92guboj 12-01-2009 03:13 PM

For workstations that don't contain anything critical you can live with the same kernel for 20 years if that's your boss' wish, but for a production machine that's exposed to the net, that's just plain wrong. If that's the boss' policy, so be it, but that doesn't make it any better.

I know you have no control over that, but it's like everything wrong in life: you can ignore it or try to change it.

unSpawn 12-01-2009 03:35 PM

Quote:

Originally Posted by i92guboj (Post 3776104)
For workstations that don't contain anything critical you can live with the same kernel for 20 years

So how about machines that are not part of the critical infrastructure but may serve as springboard to other systems?..

i92guboj 12-01-2009 03:51 PM

Quote:

Originally Posted by unSpawn (Post 3776146)
So how about machines that are not part of the critical infrastructure but may serve as springboard to other systems?..

It depends on the kind of access they have to the critical systems. Anything containing sensible info should be secured as much as possible. It needs to be evaluated on a case by case basis.

In general, I never neglect any machine, even if its function is apparently trivial.

