== SL Provides Automatic Updates ==

The default Scientific Linux 7 installation provides automatic updates via
the +yum-cron+ package.

NOTE: Updates from all enabled repos are provided automatically each night and a
      summary email is set to the *root* account. +
      You are strongly encouraged to set a delivery address for root on your system. +
      This can be easily done as an email alias via link:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/s1-email-mta.html[+/etc/aliases+]

When setting defaults for updates, there are a few choices: 'do not apply', 'notify
the user', 'apply and notify the admin', and 'apply but do not notify'.

For Scientific Linux we've chosen *apply and notify the admin*.

The Scientific Linux user base spans from professional systems admins to graduate
students with little training in systems administration.  So, we've elected to
reduce the security risks for a novice by applying security updates automatically.
Expirenced Systems Administrators are fully capable of disabling automatic updates
and applying the changes during a scheduled downtime.  By applying updates by default
we believe that the systems are left in a \'default less hackable' state.  This helps
protect less experienced users as well as the wider internet from the possible
side effects of unpatched systems.

IMPORTANT: This is a change from the upstream defaults.

* People who are willing to apply security updates automatically can leave it. +
* People who disagree with this can change it a number of ways.
**  For example, there are packages to perform this listed under
    link:#_packages_added_to_sl_not_in_upstream[Packages Added to SL not in Upstream] +
* And people who don't know what to do are left protected. + 

There is a Fedora page on automatic updates that is worth reviewing:
http://fedoraproject.org/wiki/AutoUpdates

// vim: set syntax=asciidoc: