Automatic patch advisories for software on Gentoo systems??

carlos123

One of the best things about Redhat is their advisories. Sent to my email address letting me know of critical updates to the software I have on my Redhat system.

I can read these advisories and then decide whether to patch the software or not depending on whether I think it's neccessary. I can even schedule the patching to be done at odd hours of the night. Automatically over the Internet.

I was wondering if anyone knew of any third party advisory services that I could use apart from that of Redhat? That could keep me informed about critical patches available for programs on my Gentoo system?

I suppose I can do what I am doing now which is to continue to receive advisories from Redhat and do an emerge to the latest package from Gentoo if it's available but their advisories are for software installed on my Redhat. Not for those installed on Gentoo.

Fortunately most of the software is the same so it's still useful to me but my customers will not be so fortunate when I install nothing but Gentoo on their systems.

Does anyone know of an alternative way to keep up with the latest in what needs to be patched up as new security holes are discovered in open source software? For Gentoo systems?

How do some of you running Gentoo servers keep up with critical updates to installed software? I can't imagine that you manually scour the Internet once a week to see if any of your software needs updating

Thanks.
Carlos
_________________
I'm not yet a real Guru so if you are a newbie here and want to teach me a thing or two, please do! I'm still learning just like you.

Carlos · Posted: Thu Mar 20, 2003 2:49 am Post subject:

Hello again Carlos.

How about GLSAs? I think you can get them on a mailing list, or check for htem in News and Announcements.
_________________
Man must shape his tools lest they shape him.

carlos123 · Posted: Thu Mar 20, 2003 3:40 am Post subject:

Hey Carlos. Como va?

Thanks! Not quite what I had in mind in terms of nice convenient email notices specific to my system software only but looks like GSLA's are going to have to do.

I hadn't thought of receiving them through a list (since lists tend to fill up my mailbox for the few messages that I really want to receive) but I will have to see about using filters or such to only receive what I am interested in.

Interesting possibilities!

Carlos
_________________
I'm not yet a real Guru so if you are a newbie here and want to teach me a thing or two, please do! I'm still learning just like you.

Carlos · Posted: Thu Mar 20, 2003 3:46 am Post subject:

carlos123 · Posted: Thu Mar 20, 2003 3:56 am Post subject:

Thanks for the follow up Carlos.

You know what's funny. We both got the same first name and both of us have kinda lost our Spanish and both of us are using Gentoo

.

How do you like my picture? I kinda look like Captain Picard don't I?

.

Carlos
_________________
I'm not yet a real Guru so if you are a newbie here and want to teach me a thing or two, please do! I'm still learning just like you.

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

If I recall correctly, there was a GWN that mentioned talk about portage handling some GLSA info. Nothing absolute yet, but it at least appeared to be a possibility.

Moved from Other Things Gentoo.
_________________
Quis separabit? Quo animo?

carlos123 · Posted: Thu Mar 20, 2003 7:21 am Post subject:

That's great pjp. What I REALLY like about portage is that it's apparently a community effort that allows anyone who wants to create an ebuild to do so. While distro's like Redhat's may have some neat stuff they do seem to foster less of a community spirit like Gentoo has.

I look forward to seeing what develops in portage in the days to come!

Carlos
_________________
I'm not yet a real Guru so if you are a newbie here and want to teach me a thing or two, please do! I'm still learning just like you.

irv · Posted: Fri Mar 21, 2003 5:29 pm Post subject:

carlos123 · Posted: Fri Mar 21, 2003 11:35 pm Post subject:

Way cool Irv!! Thanks for sharing the code.

I will definitely be chewing on it and looking to revised it for use on my Gentoo system.

Carlos

PS. You must be some Linux guru to be writing code like that and having this be your first post to the Gentoo forum. Of course just about any bash script looks like guru stuff to me at this point but still - 1 post? You must definitely know what you are doing. Thanks again.
_________________
I'm not yet a real Guru so if you are a newbie here and want to teach me a thing or two, please do! I'm still learning just like you.

irv · Posted: Sat Mar 22, 2003 12:43 am Post subject:

carlos123 · Posted: Sat Mar 22, 2003 1:24 am Post subject:

I know that this isn't in line with the topic of this thread irv but may I ask you why you switched from LFS to Gentoo? Was the use of portage a major factor? Just curious.

Carlos
_________________
I'm not yet a real Guru so if you are a newbie here and want to teach me a thing or two, please do! I'm still learning just like you.

allucid · Veteran Joined: 02 Nov 2002 Posts: 1314 Location: atlanta

modal · Apprentice Joined: 02 Oct 2002 Posts: 277

this is an idea to post on the gentoo hardened mailing list.

irv · Posted: Sat Mar 22, 2003 8:32 am Post subject:

christsong84 · Posted: Sat Aug 23, 2003 2:49 pm Post subject:

Genone · Posted: Sat Aug 23, 2003 6:38 pm Post subject:

There is currently a discussion about the GLSA release process, special handling for security updates and integration into portage on the gentoo-dev mailing list. The base for this discussion is GLEP #14 (see http://glep.gentoo.org). If you want to take part in the discussion please do it on the gentoo-dev mailinglist and not here, so that all discussion is in one place, that makes it a lot easier to follow it.