No, that's exactly what I've said (just w/ more words): the package set changes. The reason behind the differenciation between plain upgrade and release-upgrade is that operators might not expect a changing package set (eg. possibly some packages disappearing, or new ones appearing that migh...

I've you're at least slightly concerned about security - kick out the cisco stuff.

The correct solution is to drop that useless dns-proxy and use a real nameserver (eg. bind9 or djbdns). Actually, I really wonder why a mailserver like Zimbra ships it's own nameserver, which is completely out of scope - totally redundant. Oh, by the way: are you sure, you want to send all your ...

maybe move /opt/zimbra to different spindle, and put the ext4 journal on an SSD. for the VM - if the host is Linux: switch to kvm w/ parvirt (vmware's io performance is horrible), increase the vm memory, limit the (guest) kernel's cache size and drop the swap (IOW: let the host do the swappi...

Use a milter for that.

> don't do a dist-upgrade, you will upgrade your entire Ubuntu to the next version, 10 to 12, 12 to 14. No, what you're talking about is `do-release-upgrade`. (at least for Ubuntu) The dist-upgrade is only needed if the package set changes, eg. because an upgrade would pull in new dependenci...

Zimbra's JDK instance is completely seprated from the system's one, so there shouldn't be any problem here. OTOH, I'd always suggest isolating these services into separate containers or VMs. (by the way: containers are *way* more efficient than VMs, and Zimbra seems to play well w/ c...

A simple `apt-get update && apt-get upgrade` should be enough. And that should be pretty safe. Actually, never had any serious trouble with that, as the usual policy @ubuntu (same w/ Debian) only does _minor_ bugfix/security upgrades (within a release) - they usually dont upgrade to newer (m...

Havent checked freeradius, whether it really doesnt support sha512. But it really should do - so, it the correct way is to fix it.

also had the connection refused problem on last Sat. > Okay, I don't get the Connection refused-error anymore, only a "Waiting for access to repository" again. :( IIRC, it's waiting for the p4->git sync process to complete. maybe some stale locks, etc ... IMHO, it's better to r...