diff --git a/files/releng/fedora-branched-compose-i386.cfg b/files/releng/fedora-branched-compose-i386.cfg index 9af66c03d5..a44f78da9f 100644 --- a/files/releng/fedora-branched-compose-i386.cfg +++ b/files/releng/fedora-branched-compose-i386.cfg @@ -31,7 +31,7 @@ cost=5000 [static] name=static -baseurl=http://kojipkgs.fedoraproject.org/repos/f19-build/latest/i386 +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386 enabled=1 #cost=2000 """ diff --git a/files/releng/fedora-branched-compose-x86_64.cfg b/files/releng/fedora-branched-compose-x86_64.cfg index 9c9e5eab0f..4791405145 100644 --- a/files/releng/fedora-branched-compose-x86_64.cfg +++ b/files/releng/fedora-branched-compose-x86_64.cfg @@ -31,7 +31,7 @@ cost=5000 [static] name=static -baseurl=http://kojipkgs.fedoraproject.org/repos/f19-build/latest/x86_64 +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64 enabled=1 #cost=2000 """ diff --git a/playbooks/fedorahosted_fedmsg_git.yml b/playbooks/fedorahosted_fedmsg_git.yml new file mode 100644 index 0000000000..fd93e14ac1 --- /dev/null +++ b/playbooks/fedorahosted_fedmsg_git.yml 
@@ -0,0 +1,49 @@
+# requires --extra-vars "{'repos': ['yokan.git', 'yumex.git']}"
+
+- name: Install the fedmsg hook into a number of fedrahosted git repos
+ hosts: hosted03.fedoraproject.org
+ user: root
+
+ vars:
+ prefix: /srv/git/
+ chained: /hooks/post-receive-chained.d
+ fedmsg_hook: /usr/local/share/git/hooks/post-receive-fedorahosted-fedmsg
+ chained_hook: /usr/share/git-core/post-receive-chained
+
+ tasks:
+
+ # First -- a sanity check. We want this to fail and stop the playbook if
+ # someone typoed and reponame. The "command" here claims that it "creates" a
+ # file. That is not actually true, but it tells ansible to not bother running
+ # the command *if* that creates= file is already present. Its a hackaround to
+ # make this task idempotent.
+ - name: make sure the git repos exist in the first place
+ command: /bin/ls ${prefix}${item} creates=${prefix}${item}
+ with_items: ${repos}
+
+ - name: ensure there is a post-receive-chained.d/ directory
+ file: >
+ state=directory
+ path=${prefix}${item}${chained}/
+ with_items: ${repos}
+
+ - name: move the old post-receive email hook into the chained dir
+ command: >
+ /bin/mv ${prefix}${item}/hooks/post-receive ${prefix}${item}${chained}/post-receive-email
+ removes=${prefix}${item}/hooks/post-receive
+ creates=${prefix}${item}${chained}/post-receive-email
+ with_items: ${repos}
+
+ - name: symlink the fedmsg hook into the chained dir
+ file: >
+ path=${prefix}${item}${chained}/post-receive-fedmsg
+ src=${fedmsg_hook}
+ state=link
+ with_items: ${repos}
+
+ - name: symlink in the chained hook redirector
+ file: >
+ path=${prefix}${item}/hooks/post-receive
+ src=${chained_hook}
+ state=link
+ with_items: ${repos}
diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml
index 78f22afdf9..765f5eddc2 100644
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
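Review bot: The existence check in playbooks/fedorahosted_fedmsg_git.yml, `command: /bin/ls ${prefix}${item} creates=${prefix}${item}`, only proves that the path exists, so an empty or mistyped entry in `repos` that still resolves to a directory passes it (an empty string gives `/srv/git/` itself, and an entry containing `..` lands outside the prefix). The later tasks then create a directory, move a hook and write symlinks under that path as root. Testing for something only a repository has would make the guard match its comment, for example `command: /bin/ls ${prefix}${item}/HEAD creates=${prefix}${item}/HEAD`, assuming these are bare repositories. The header comment could also state that entries must be plain `name.git` directory names relative to `/srv/git/`.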
@@ -33,6 +33,7 @@ - /srv/web/infra/ansible/roles/denyhosts - /srv/web/infra/ansible/roles/nagios_client - /srv/web/infra/ansible/roles/fas_client + - /srv/web/infra/ansible/roles/yum-cron tasks: # this is how you include other task lists diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index 35a9c1c0ea..0357c150af 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -*/55 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge +40 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /dev/null 2>&1 diff --git a/roles/badges-backend/files/cron/award-oldschool-badges.cron b/roles/badges-backend/files/cron/award-oldschool-badges.cron index fd7b3ce7b4..33c91e9328 100644 --- a/roles/badges-backend/files/cron/award-oldschool-badges.cron +++ b/roles/badges-backend/files/cron/award-oldschool-badges.cron @@ -1 +1 @@ -*/25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges +25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges > /dev/null 2>&1 diff --git a/roles/badges-backend/tasks/main.yml b/roles/badges-backend/tasks/main.yml index ebfc4e277f..42d9e1d1df 100644 --- a/roles/badges-backend/tasks/main.yml +++ b/roles/badges-backend/tasks/main.yml @@ -55,6 +55,17 @@ notify: - restart fedmsg-hub +- name: ensure the fedmsg user has a homedir for cron to work + file: > + state=directory + path=/usr/share/fedmsg + mode=700 + owner=fedmsg + group=fedmsg + only_if: "'$env' != 'staging'" + tags: + - config + - cron - name: ensure badges cron directories exist file: > @@ -62,6 +73,7 @@ path=$item mode=755 owner=root + only_if: "'$env' != 'staging'" with_items: - /usr/share/badges/cronjobs/ - /etc/cron.d/ 
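Review bot: Redirecting with `> /dev/null 2>&1` in award-libravatar-badge.cron discards stderr as well as stdout, so a failing badge job no longer produces cron mail or any other trace; the same redirect is added in award-oldschool-badges.cron. If the aim is only to silence routine output, `> /dev/null` alone keeps errors visible, or both streams could go to syslog with `2>&1 | logger -t award-libravatar-badge`. A comment line above each entry stating the schedule (minute 40 and minute 25 of every hour) would also help, since the previous `*/55` and `*/25` forms read as intervals.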
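Review bot: The staging guard in roles/badges-backend/tasks/main.yml is written as `only_if: "'$env' != 'staging'"`, a comparison on an interpolated string, and the hunks at -62, -75 and -84 add the same line. If `env` is ever undefined for a host, the literal text `$env` presumably stays in place and the comparison is true, so the cron setup would run there unnoticed. roles/yum-cron/tasks/main.yml in this same commit already uses `when:`, so `when: env != 'staging'` would be consistent and should raise an error on an undefined variable instead. The guarded tasks start or end outside the hunks.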
@@ -75,6 +87,7 @@ dest=/usr/share/badges/cronjobs/$item owner=fedmsg mode=744 + only_if: "'$env' != 'staging'" with_items: - award-oldschool-badges - award-libravatar-badge @@ -84,10 +97,11 @@ - name: oldschool badge award cronjobs copy: > - src=cron/$item + src=cron/$item.cron dest=/etc/cron.d/$item owner=root mode=644 + only_if: "'$env' != 'staging'" with_items: - award-oldschool-badges - award-libravatar-badge diff --git a/roles/yum-cron/tasks/main.yml b/roles/yum-cron/tasks/main.yml new file mode 100644 index 0000000000..9e82a09a5d --- /dev/null +++ b/roles/yum-cron/tasks/main.yml @@ -0,0 +1,25 @@ +--- + +# +# This role adds yum cron package and configuration. +# We want this on any public facing Fedora installs so we +# can pick up security updates. +# + +- name: install yum-cron + yum: name=yum-cron state=present + tags: + - packages + when: ansible_distribution == 'Fedora' + +- name: install yum-cron.conf + template: src=yum-cron.conf.j2 dest=/etc/yum/yum-cron.conf mode=0644 + tags: + - config + when: ansible_distribution == 'Fedora' + +- name: enable yum-cron + copy: content="enable yum cron" dest=/var/lock/subsys/yum-cron mode=0644 + tags: + - config + when: ansible_distribution == 'Fedora' diff --git a/roles/yum-cron/templates/yum-cron.conf.j2 b/roles/yum-cron/templates/yum-cron.conf.j2 new file mode 100644 index 0000000000..ecefacff82 --- /dev/null +++ b/roles/yum-cron/templates/yum-cron.conf.j2 
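Review bot: The `enable yum-cron` task in roles/yum-cron/tasks/main.yml writes a plain file to `/var/lock/subsys/yum-cron` with `copy`, and on Fedora `/var/lock` normally lives on a tmpfs, so the marker is likely gone after a reboot and the automatic security updates would stop until the next playbook run. Enabling the packaged service keeps the state across reboots: `service: name=yum-cron state=started enabled=yes`. The `install yum-cron.conf` task could also set `owner=root group=root` explicitly, since that file decides what gets installed unattended.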
@@ -0,0 +1,76 @@
+[commands]
+# What kind of update to use:
+# default = yum upgrade
+# security = yum --security upgrade
+# security-severity:Critical = yum --sec-severity=Critical upgrade
+# minimal = yum --bugfix upgrade-minimal
+# minimal-security = yum --security upgrade-minimal
+# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
+update_cmd = security
+
+# Whether a message should emitted when updates are available.
+update_messages = yes
+
+# Whether updates should be downloaded when they are available. Note
+# that updates_messages must also be yes for updates to be downloaded.
+download_updates = yes
+
+# Whether updates should be applied when they are available. Note
+# that both update_messages and download_updates must also be yes for
+# the update to be applied
+apply_updates = yes
+
+# Maximum amout of time to randomly sleep, in minutes. The program
+# will sleep for a random amount of time between 0 and random_sleep
+# minutes before running. This is useful for e.g. staggering the
+# times that multiple systems will access update servers. If
+# random_sleep is 0 or negative, the program will run immediately.
+random_sleep = 0
+
+
+[emitters]
+# Name to use for this system in messages that are emitted. If
+# system_name is None, the hostname will be used.
+system_name = None
+
+# How to send messages. Valid options are stdio and email. If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages. If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = stdio
+
+# The width, in characters, that messages that are emitted should be
+# formatted to.
+ouput_width = 80
+
+
+[email]
+# The address to send email messages from.
+email_from = root@localhost
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[groups]
+# List of groups to update
+group_list = None
+
+# The types of group packages to install
+group_package_types = mandatory, default
+
+[base]
+# Use this to filter Yum core messages
+# -4: critical
+# -3: critical+errors
+# -2: critical+errors+warnings (default)
+debuglevel = -2
+
+# override yum options of the same name
+# skip_broken = True
+
+mdpolicy = group:main
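Review bot: `ouput_width = 80` in the `[emitters]` section of yum-cron.conf.j2 looks like a misspelling of `output_width`; if yum-cron reads the correctly spelled key, this line is ignored and the built-in default applies, which only shows once someone changes the value. I would write `output_width = 80`. Because this file drives unattended installs (`update_cmd = security`, `apply_updates = yes`), a header comment such as `# Managed by ansible (roles/yum-cron); local edits will be overwritten` would help whoever finds it on a host. `random_sleep = 0` makes every host with this role update at the same moment, which deserves a one-line comment if it is intended.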