Sounds normal - there is a lot of incremental bug-fixing going on, and you will have a lot of updates if you only check every two weeks. I think you should be checking at least daily, especially if you have anything more than a skeletal set of packages running. You can set a cron job to update/upgrade automatically. I don't have a RHEL server but I'm sure they have a mailing list which will give all the details (maybe this one [redhat.com]?).

hi encyclo

that's a good idea with the cronjob. i'll implement that.

i am actually a member of the enterprise watch list, but i don't find their mails easy to understand (hence most get ignored)

thanks for input

One hint about the cron job: if it's anything like Debian, don't set it on the hour (ie. at 12.00) because you hit a peak of connections from everyone else doing the same: set it at something weird like 3.37am or 7.21pm and you'll get your updates much quicker!

One other thing you can do is comb through the installed programs list and uninstall as much as possible - if you see that you've updates for stuff like browsers then simply removing it will reduce the number of patches as well as vectors for any hacker. For example, from the May 2005 [redhat.com] list of patches, there are critical ones for Gaim (an instant messanging program), ones for the Mozilla and Firefox browsers and one for the Evolution email client. None of these programs are needed for a server, so you can get rid of them. That leaves the glibc, kernel and PHP updates which are of course important.

encyclo,

thanks very much for the tips!