[tmottabr]

no one in that scenario would not do things manually like in the article.

but if doing it, then at minimum you should use an custom install media with latest packages bundled and all the configuration already backed so you hit the ground with sane defaults and cover the first 5 minutes from this articles during install time.

also in any install i would always do a netinstall to get any updates between media generation and install time, so you should always have the latest and greats at install time.

[garmaine]

That would leave the installer exposed though for the duration of installation. I typically did installs disconnected from the internet for that reason.

[tmottabr]

yeah.. any realistic case that is how you would do it..

but the scenario i was replying was install a server and immediately start it with a public facing IP before updating..

if i had to do that with no other sane option.. that is how i would do it.. custom install media with latatest patches bundle and ore-configured as much as possible..

But i agree, i wold not install a public facing server while it is public facing, i would install it offline or in a private network, update, configure, secure and then expose it..