[Sunhelp] patch cluster

[Dale Ghent]

On Fri, 20 Oct 2000, Cardinal Christopher wrote:

| So, what's the general view on/experience with patch clusters, anyway? Apply
| them religiously, or only apply patches that you know you need? I'd hate to
| apply a cluster and be worse off than I was.

As far back as I remember, applying patch clusters have only fixed things
for me, not made them worse. The only time applying a patch made things
worse was when I applied a QFE driver patch (that is not in the
cluster) and it had a bug in it that only manifested on a SS20 with a QFE
card, which is what I had. Needless to say, my SS20 wouldnt talk to the
network after it came back up from the reboot. sigh.

But anyway, back to patch clusters. There's two good reasons for applying
patch clusters. The first and most important are the security patches Sun
puts in the clusters. Sun includes almost every patch that fixes a
security hole in a Solaris rev in the cluster, making it pretty convienent
to ensure that your machine(s) are up to date. Second are the kernel
patches. Some kernel revs dont fix a whole alot of aparently important
stuff, but others can and do. The most recent example of this is the
105181-23 (Solaris 2.6 kernel) patch that includes E$ scrubbers for
UltraSPARC-II CPUs. This is Sun's response to those CPU cache memory error
alegations. Other revs have fixed things such as TCP/IP performance, added
new kernel features, and better driver performance and reliability.

So in general, I would suggest that it would be good practice to apply the
cluster to your machines at least every 3 months. Perhaps more often
depending on what a particular machine does.

/dale