philicorda n00b
Joined: 24 Sep 2002 Posts: 11
Posted: Tue May 06, 2003 1:49 am Post subject: Emerging just critical security updates.
Hi.
I have a server which runs Gentoo, and would like to keep it up to date with updates for anything that may compromise the security of the computer. (i.e. apache, ssh, etc.)
When I do an emerge -pu world I get a massive list, including updating kde, gcc, media libs etc. I can't really give the cpu time to do such a big update.
Is there any way to filter an emerge -pu world for critical security updates?
Are there any plans to categorise updates in terms of importance?
It would be nice to be able to have the updates flagged for security/desktop/trivial so it was easier to see if an update was essential to close a hole or just a new version of an app.
dma Guru
Joined: 31 Jan 2003 Posts: 437 Location: Charlotte, NC, USA
Posted: Tue May 06, 2003 3:02 am
type:
Code:
emerge --changelog --deep -puv world | less
(It's the best I can come up with at the moment!)
But I highly recommend that.
Keep in mind that Gentoo changelogs often just say "bump for new version" without telling what that new version does.
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
Posted: Tue May 06, 2003 3:10 am
Subscribe to gentoo-announce and update packages when you see a security announcement.
Incorporating this into portage has been discussed, but there's no timeframe for implementation.
_________________
Quis separabit? Quo animo?
gullevek n00b
Joined: 09 Mar 2003 Posts: 23
Posted: Wed May 07, 2003 7:43 am Post subject: I hope it comes soon
I really hope a "security problems" update only comes very soon. It would help a lot for slower systems without picking out the single ebuilds by hand.
roderickvd n00b
Joined: 25 Aug 2002 Posts: 46 Location: University of Twente
Posted: Wed May 07, 2003 9:54 am Post subject: File a bug report!
I totally agree that it would be a great thing and suggest that you file a bug report.
Just like FreeBSD for example, that has the STABLE development line incorporating new features and a separate line for purportrating just security fixes.
I wager it could easily be done by tagging ebuilds as "insecure". Such ebuilds would automatically get upgraded to the closest newer version.
For example:
xyz-1.1.ebuild (tagged insecure)
xyz-1.1a.ebuild (containing the fix)
xyz-1.2.ebuild (new feature release)
In this case, xyz-1.1 would be upgraded to xyz-1.1a, not xyz-1.2 as a regular emerge -u would do.
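The tagging scheme proposed in the last post, sketched as an added example that is not part of the thread and is not Portage code. The `insecure` flag, the `Ebuild` tuple, the constructed sample tree and the simplified version ordering (dotted numbers plus an optional trailing letter) are all assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

class Ebuild(NamedTuple):
    name: str
    version: str
    insecure: bool = False  # hypothetical tag from the proposal, not a Portage feature

def version_key(version: str):
    """Simplified ordering (1.1 < 1.1a < 1.2); not Portage's full version rules."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]?)", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)

def security_upgrade(installed: Ebuild, tree: list) -> Optional[Ebuild]:
    """Return the closest newer ebuild that is not tagged insecure.

    Returns None when the installed version is not tagged (nothing to do).
    Raises LookupError when it is tagged but the tree holds no fixed version,
    so the admin sees the exposure instead of a silent no-op.
    """
    tagged = {(e.name, e.version) for e in tree if e.insecure}
    if (installed.name, installed.version) not in tagged:
        return None
    current = version_key(installed.version)
    fixed = [e for e in tree
             if e.name == installed.name and not e.insecure
             and version_key(e.version) > current]
    if not fixed:
        raise LookupError(f"{installed.name}-{installed.version}: no fixed version in tree")
    return min(fixed, key=lambda e: version_key(e.version))

# Constructed sample tree: xyz mirrors the post; abc and old are extra edge cases.
TREE = [
    Ebuild("xyz", "1.1", insecure=True),
    Ebuild("xyz", "1.1a"),
    Ebuild("xyz", "1.2"),
    Ebuild("abc", "2.0", insecure=True),
    Ebuild("abc", "2.0a", insecure=True),  # first fix attempt, later tagged as well
    Ebuild("abc", "2.1"),
    Ebuild("old", "0.9", insecure=True),   # no fix released yet
]

if __name__ == "__main__":
    for pkg in (Ebuild("xyz", "1.1"), Ebuild("xyz", "1.2"), Ebuild("abc", "2.0")):
        target = security_upgrade(pkg, TREE)
        print(f"{pkg.name}-{pkg.version} ->", target.version if target else "no action")
```
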