| View previous topic :: View next topic |
| Author |
Message |
grzes
n00b
Joined: 16 Apr 2004
Posts: 8
|
 Posted: Fri Apr 16, 2004 9:25 pm Post subject: portage & security updates |
 |
|
Sorry if this problem was mentioned in past, I haven't found any solution.
1. How to make portage to download and install all and only security updates of installed packages? "emerge world" will download all updates, even non-security-critical, which in fact can be unnecessary at a moment and can introduce some chaos. In binary-based distros, such as Mandrake, there is a separate repo with security updates and only with it. How is this handled in Gentoo?
2. As far as I understood, before "emerge sync" the portage will not know about any new urgent security updates which came after last "emerge sync". And the rules are that I should not "emerge sync" more frequently than once per 24 h. If so, in case of any new vulnerability I can have the patch even 23 h 59 min after it is released. It's far enough for crackers and script-kiddiz worldwide to exploit.
_________________
--
Derek |
|
| Back to top |
|
 |
manuels
Advocate
Joined: 22 Nov 2003
Posts: 2146
Location: Europe
|
| Posted: Fri Apr 16, 2004 9:47 pm Post subject: |
|
|
for your first question:
| Code: | | glsa-check --fix all |
|
|
| Back to top |
|
|
grzes
n00b
Joined: 16 Apr 2004
Posts: 8
|
| Posted: Fri Apr 16, 2004 11:26 pm Post subject: |
|
|
Thx.
Yes, the second one formally was not a question. The question is: how to get informed about new security updates without lags and without violating the netiquette?
_________________
--
Derek |
|
| Back to top |
|
|
bmph8ter
n00b
Joined: 06 May 2002
Posts: 46
|
|
| Back to top |
|
|
Koon
Retired Dev
Joined: 10 Dec 2002
Posts: 518
|
| Posted: Fri Jul 02, 2004 5:19 pm Post subject: |
|
|
Subscribing to the gentoo-announce list is the quickest way. Most of the time the mail comes before the GLSA is replicated in portage mirrors.
--
Koon / Gentoo Linux Security Team |
|
| Back to top |
|
|
|
Networking & Security
