Re: Update Clamav FC8
People generally don't upgrade just one package. As new versions of Fedora are released, the vast majority of its users download the new distribution and upgrade all their packages to the most recent version. Using yum will keep all your packages up to date as new releases are pushed out from Fedora until a particular release reaches end of life. By that point, you have moved on to the next Fedora release.
Moving from one release to the next can usually be done with a simple in-place upgrade, however I find that in practice there are usually a few old packages on the box from earlier releases that must be removed to make an upgrade work. At that point, you reboot and with luck are on the next release. Then you need to do a search through the /etc directory for any .rpmnew or .rpmsave type file names that indicate the configuration changed and you may need to take action to make the service work by editing your old configuration files to match new options. There is usually a little grumbling involved at the changes they decided to make. Sometimes it takes a few weeks till things settle down and they get update patches out that work for most people on the new version.
This checking /etc for changes isn't any different with CentOS upgrades between minor points. The only difference is there is no upgrade process between major versions of CentOS/RHEL. When they went from 5.? to 6.0, you had to reinstall from scratch and reload all the applicable mail / web / etc. information from the old backups. For Fedora, on the other hand, I had one box at home that I have just retired that had upgraded from FC1 through FC16 using this process.
You just have to keep updating to new versions of Fedora in order to allow yum to keep updating your packages with security fixes. If you have an internet facing important box, you can still stay one release behind, because they keep pushing out updates for the previous release until after the next release is shipped. So now, for example, there are still F15 updates even though F16 is the most recent release, and they will continue till F17 is out. That is usually a safe course unless you have some hardware that simply won't work with an old release. Not all packages get the latest updates - a few must wait till the next Fedora release - but most do, and they try to get all security updates back-ported to all fedora releases that aren't end of life.
With any O/S, it is always good if you are running a service, to try things out on a test box first - even upgrades - just to make sure all is well and then do the update on the live box. When you actually do move between versions with Fedora, you can even do the updates live if you want, restarting various services as they are updated, with not much end user noticeable impact - presuming you've done a test run somewhere else to make sure there are no show stoppers.
CentOS had some hiccups getting 6.0 and 6.1 out - there was a long delay after RHEL released their original till the new one was out on CentOS. They did much better with 6.2 and are hoping to actually make a 2-4 week upgrade window for 6.3 when it comes out.