Upgrading database server software is scary. I worked at an organization that spent just shy of a year upgrading Oracle 9i to Oracle 10g. But that's Oracle, and we don't like Oracle 'round these parts.
Micro$oft $QL $erver (ha, take that, Micro$oft!) i$ al$o a $cary upgrade. Updating it, on the other hand, is pretty simple. I've installed service pack updates, and they've just worked. I don't mean to imply that this is trivial for a large organization, but for a small-to-mid-size organization like the shop that C. D. works at, it shouldn't be a big deal.
See, a client called in because he'd run a report that returned incorrect data. A support guy got a copy of the database and ran the report from an internal server - the data was correct. On another internal server, though, he saw exactly the problem the client reported.
The server that returned the wrong data was running off of a base SQL Server 2000 installation. Base, as in, no service packs applied. The other server was completely up to date.
C. D. did some digging and found that the deployment department explicitly forbade installing service packs on client installations. He immediately called his manager. "Oh, yeah, I know that Support refuses to install the service packs, even though they're supposed to," said his manager. "Even the CEO knows they're supposed to, we've put it on our 'Deployment Tools' CD, but they keep ignoring us. They always say 'it'll take too much time.'"
A few weeks later, a client was hit by Slammer, and C. D. tried to shine an even brighter spotlight on Deployment for not installing service packs. The next day, he ran into someone from Deployment, who we'll call "Newman."
C.D.: Hello, Newman.
Newman: Mornin'.
C.D.: Have you had a chance to look at the new deployment scripts?
Newman: Yeah, they're great! They'll save us some time.
C.D.: Cool. I should be finishing the last pieces of the script within the next week or so.
Newman: Oh, don't worry, we don't have to automate everything.
Red flag.
C.D.: Uh, well, you guys don't do everything.
Newman: What do you mean?
C.D.: Well, for starters you could install service packs before you claim to do everything.
Newman: We don't install service packs unless there's a problem. Service packs are inherently dangerous; problems might arise!
Yeah, just like problems might arise if you anger the volcano. C. D. reminded Newman of the Slammer problem, let alone all of the other known exploits for an unpatched SQL Server. C. D. was working on an issue in which a client couldn't add new entries in one of the tables. SQL Server had an issue where certain schema changes (for instance, attempting to add an index that already existed) would reset the count on an identity column, thus preventing new inserts because of a primary key conflict.
Things were getting out of control, so C. D. intensified his fight. With the head of development behind him, C. D. wrote up an email making the case for service packs. He cited the recent problems that could've easily been avoided, potential problems that could be avoided, the simplicity of installing service packs, and even included instructions on verifying which service pack was installed so that Deployment's work could easily be checked.
Service Pack installations are now mandatory, and no excuses are tolerated.