It's quite hard to get the balance right between making it as easy as possible for administrators (who may well not be experts) to keep up-to-date with security fixes while avoiding the risk of damaging the system by an over-enthusiastic application of updates. One essential pre-requisite is that it must be possible for a utility to distinguish between security updates and non-security updates; I'm not sure if this is possible at present. And the suggestion about distinguishing between external and internal threats is also a good one. Given this it would be possible for autorpm (or something like it) to ignore most updates and only apply (or offer to apply) security fixes. Bob ============================================================== Bob Vickers R.Vickers@dcs.rhbnc.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhbnc.ac.uk/home/bobv Phone: +44 1784 443691