Gentoo Forums
best practices for security updates?

Joined: 31 May 2010
Posts: 1

Posted: Mon May 31, 2010 5:39 am    Post subject: best practices for security updates?

I used to use Gentoo a while back and keep wanting to come back. One concern I had was about how to keep my system up-to-date.

If I understand correctly, Gentoo is a rolling release, so packages are updated continuously and not a regular full release every-6-months type of thing. The concern I have is that I've found FAQs and wikis that imply people simply update their portage tree, then run glsa-check and update only those packages. Couldn't this potentially lead to an unstable system?

If glsa-check led me to update a package which then had to bring in an update to a dependency, other packages that use that same dependency could now be broken due to the new version. It seems the only appropriate usage is what I essentially used to have to do when I was using Arch - update the package list, then update all packages in the system.

This would also apply to anything - not just security updates. If I wanted the latest version of Firefox, I'd need to update my portage tree. At this point, I really should emerge world because if I only install the new Firefox, I could be bringing in other dependencies that could make the system inconsistent.

Am I correct about this or am I not thinking about this right? Maybe dependency checking/installation works differently than in Arch so it's not so much of an issue?

Thanks for any suggestions you might have.

Joined: 18 Jul 2002
Posts: 2889
Location: Omnipresent

Posted: Mon May 31, 2010 6:06 am

You have the basic idea. If you upgrade some deep dependency, the packages depending on it may themselves need to be updated.

First, Gentoo developers recommend that you upgrade all packages in your system at once, like on Arch. This is the obvious way to solve your problem. After doing the global upgrade, run the script "revdep-rebuild" to identify and rebuild packages with broken library links.

Second, if you don't want to do that, you can just update the packages with security alerts, then revdep-rebuild. Note, however, that this script won't catch broken runtime dependencies in Xorg, Python, Java, etc. that the developers may have missed. Gentoo devs work primarily with the latest versions in Portage, so the risk is higher of some weirdness if you upgrade only deep deps.

I myself only upgrade individual packages, and only when the package disappears from Portage or there is a security alert. My only screw-up in this practice involved "slots" (more here).

Personal overlay | Simple backup scheme
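
The two approaches described in the reply above, written out as a shell sketch. This is an added example, not part of either post: the function names and the DRY_RUN switch are hypothetical, and it assumes gentoolkit (which provides glsa-check and revdep-rebuild) is installed and that Portage accepts the @world set syntax.

```shell
#!/bin/sh
# Added example (not from the thread): both update strategies as functions.
# DRY_RUN=1 (the default here) prints each command instead of running it,
# so the plan can be reviewed before anything is merged.
: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Strategy 1: sync the tree, upgrade every installed package,
# then rebuild anything left with broken library links.
update_all() {
    run emerge --sync &&
    run emerge --update --deep --newuse @world &&
    run revdep-rebuild
}

# Strategy 2: sync the tree, merge only what open GLSAs require,
# then rebuild anything left with broken library links.
update_security_only() {
    run emerge --sync || return 1
    # Preview what the fix would merge; this script does not rely on its exit status.
    run glsa-check --pretend affected
    run glsa-check --fix affected || return 1
    # As the reply notes, revdep-rebuild only finds broken library links;
    # runtime breakage (Xorg, Python, Java, etc.) still needs a manual check.
    run revdep-rebuild
}
```

Source the file, call `update_all` or `update_security_only` to review the printed plan, then repeat as root with `DRY_RUN=0` to execute it.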