Emerging just critical security updates.

philicorda · n00b Joined: 24 Sep 2002 Posts: 11

Hi.
I have a server which runs gentoo, and would like to keep it up to date with updates for anything that may compromise the security of the computer. (Ie apache, ssh etc)

When I do an emerge -pu world I get a massive list, including updating kde,gcc, media libs etc. I can't really give the cpu time to do such a big update.

Is there any way to filter an emerge -pu world for critical security updates?
Are there any plans to catagorise updates in terms of importance?
It would be nice to be able to have the updates flagged for security/desktop/trivial so it was easier to see if an update was essential to close a hole or just a new version of an app.

dma · Posted: Tue May 06, 2003 3:02 am Post subject:

type:

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

Subscribe to gentoo-announce and update packages when you see a security announcement.

Incorporating this into portage has been discussed, but there's no timeframe for implementation.
_________________
Quis separabit? Quo animo?

gullevek · n00b Joined: 09 Mar 2003 Posts: 23

I really hope a "security problems" update only comes very soon. It would help a lot for slower systems without picking out the single ebuilds by hand

roderickvd · Posted: Wed May 07, 2003 9:54 am Post subject: File a bug report!

I totally agree that it would a great thing and suggest that you file a bug report.

Just like FreeBSD for example, that has the STABLE development line incorporating new features and a seperate line for purportrating just security fixes.

I wager it could easily be done by tagging ebuilds as "insecure". Such ebuilds would automatically get upgraded to the closest newer version.

For example:

xyz-1.1.ebuild (tagged insecure)
xyz-1.1a.ebuild (containing the fix)
xyz-1.2.ebuild (new feature release)

In this case, xyz-1.1 would be upgraded to xyz-1.1a, not xyz-1.2 as a regular emerge -u would do.