Re: [gentoo-dev] RFC: security updates only? (security-1.0.ebuild)

[Klavs Klavsen <kl@vsen.dk>]

[-- Attachment #1: Type: text/plain, Size: 1071 bytes --]

How about starting with putting the GLSA's in the tree?

That would be step 1. 

Then an emerge sync would give you new security information too.
or perhaps an glsa-ebuild?

After this, I agree it would be best to add a --security option.

IMHO this should work, so emerge -u world --security (or -S - or is that
too close to -s?) would look at all the upgrades suggested by the world
- and then check against the glsa's and see if any of them have are
mentioned here. The glsa's should be named after the package version
that fixes this issue, that way it would be easy to check and upgrade if
the currently installed is older.

Better solutions are welcome - but are they as easy to implement as
this?
-- 
Regards,
Klavs Klavsen, GSEC - kl@vsen.dk - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62
See my new CMS Hosting Service at http://www.VirkPaaNettet.dk

Working with Unix is like wrestling a worthy opponent. 
Working with windows is like attacking a small whining child 
who is carrying a .38.				

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]