So do I, and they were impacted by the recent...I want to say dovecot/postfix problem on Debian that affected their entire platforms ability to send emails.
That said, that's only the second time they've had any problem with that process in three years that I am aware of - every other security update they've run has gone through without a glitch.
No update process is entirely without risk, which is why so many orgs have patch paranoia - god knows, I work at one and thanks to a custom software stack which the entire business runs around, on which they have almost complete technical debt - it's a fucking nightmare to keep on top of security of servers that aren't fully supported any more, and which weren't implemented well in the first place (no snapshotting capability, no staging environment, flat network so no test vlans etc)
But hiring a dev to pull the stack apart and re-implement it in modern platform/environment? Why would we need to do that? It's not broken!
*bangs head against desk*
Biting the hand that feeds IT
