[rsbac] updating applications

[Andrea Pasquinucci]

I would like to ask the list which startegy is most adopted for updating 
applications, i.e. all software except for RSBAC, like apache etc. I 
like to keep my software up to date as much as possible, and I check 
daily for updates. Currently I try to follow the following approach

1. check for updates (possibily daily)
2. if there are updates continue, otherwise stop
3. switch down internet interface
4. switch to softmode (could require reboot)
5. shutdown, update, restart software
6. reinstall all/most/relevant rsbac rules
7. switch to secure mode (could require reboot)
8. up internet interface

Any comment, smarter way ... ? I see as an alternative to switching to
softmode, to remove the read-only flag from the files to be updated and
then re-apply the read-only flag after the update (in some cases this
could be a lot of work, depending on the setup obvioulsy).

Andrea