I had to help a friend (who works for Redhat Asia-Pacific) last night. He is not a Linux expert and had upgraded his system from 6.1 to 6.2. He upgraded everything on the system (including the kernel) but turned off the option to re-run lilo. (This was because he knew lilo controlled the booting process, and the machine booted fine, so he thought it was unnecessary). The kernel 2.2.14 package removed the 2.2.12 kernel file from /boot, even though lilo was not scheduled to be re-run. This should not be allowed. If lilo is scheduled to be re-run then it is fine for the kernel upgrade to delete the old kernel file. If lilo is not to be re-run, then the old kernel file cannot be deleted. This can lead to the interesting problem of a system working (as the boot loader points to a section of disk with the old kernel) and suddenly failing one day once the old kernel blocks get re-used.
Newer install/updates do this right