So you advocate changing the kernel automatically when cpanel runs upcp? That's crazy-talk. Maybe I'm just too cautious, but updating a kernal is something *major* that if somehow it gets messed up - no rebooting for you.
To be honest I'm not sure wether SM do it or C Panel does it. I'm technically ignorant. But they are different options on the SM set up page - you don't have to have CPanel to have the kernel updater, so I guess it's nothing to do with CPanel.
What is the greater risk? Risking the server crashing from something happening in the kernel update, or risking a hack attack from having an old kernel?
thedavid, are you suggesting not doing it automatically, but asking for it every so often? How often do kernel updates come out?
Not very often. The last couple of months have seen a few updates due to vulnerabilities, but it's not too frequent (you won't be opening tickets each day, for example). Additionally, I can't remember the last time there's been a remote root vulnerability - the attacker has to have another way in first, before attacking the kernel.
If there is one, you'll likely see notices about it here(security forum), at slashdot.org, at servermatrix's forums, and hundreds of other places.. Just keep your eyes peeled - auto-updates are not enough to secure a server alone.