[gentoo-dev] Does a automatic security package tool exists?

[gentoo-dev] Does a automatic security package tool exists?

[Karl Peters]

Hi,

the GLSAs to the announce mailinglist are really ok, but if you have more 
gentoo systems, manually updating security related packages is not so much 
fun, and quickly you may forget something.

I imagine a GLSA database like the package.mask file, where information about 
package versions is kept, which packages are insecure and prehaps which 
version are suggested for updating.

Then I could think of a comman tool like qpkg, e.g. secure_check:
# emerge sync
# secure_check //print out secure packages version, if insecure are found
# secure_check | xargs emerge -p //would feed emerge with this information, to 
do a security update of all needed packages with one command


So far so good, does something like this already exists? Is someone already 
working on it?

Regards
Karl Peters

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Does a automatic security package tool exists?

[Joseph Carter]

[-- Attachment #1: Type: text/plain, Size: 1215 bytes --]

On Tue, Mar 11, 2003 at 06:42:54PM +0100, Karl Peters wrote:
> the GLSAs to the announce mailinglist are really ok, but if you have
> more gentoo systems, manually updating security related packages is not
> so much fun, and quickly you may forget something.
> 
> I imagine a GLSA database like the package.mask file, where information
> about package versions is kept, which packages are insecure and prehaps
> which version are suggested for updating.

I support making the information available other methods, but I absolutely
do not want GLSAs to stop being posted to -announce.  It's a good list to
post them to and I recommend any Gentoo user be subscribed to it.  Its
only traffic is the occasional announcement and of course the GLSAs.  Who
can complain about that?

-- 
Joseph Carter <knghtbrd@efn.org>                  SCO must cease to exist!
 
<netgod> heh thats a lost cause, like the correct pronounciation of
         "jewelry"
<netgod> give it up :-)
<sage> and the correct spelling of "colour" :)
<BenC> heh
<sage> and aluminium
<BenC> or nuclear weapons
<sage> are you threating me yankee ?
<sage> just cause we don't have the bomb...
<BenC> back off ya yellow belly


[-- Attachment #2: Type: application/pgp-signature, Size: 253 bytes --]

Re: [gentoo-dev] Does a automatic security package tool exists?

[Karl Peters]

On Tuesday 11 March 2003 19:47, Joseph Carter wrote:
> I support making the information available other methods, but I absolutely
> do not want GLSAs to stop being posted to -announce.  It's a good list to
> post them to and I recommend any Gentoo user be subscribed to it.  Its
> only traffic is the occasional announcement and of course the GLSAs.  Who
> can complain about that?

Nobody, but read again:

> On Tue, Mar 11, 2003 at 06:42:54PM +0100, Karl Peters wrote:
> > the GLSAs to the announce mailinglist are really ok,

To say it again, announcements are really neccessary for user information, but 
I really would enjoy the idea, I have describe in my mail. I think this would 
make security relevant updating more easier.

And I am subscribed to this list, so you don't need to send replies directly 
to me, I already get them with the list.

KP

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Does a automatic security package tool exists?

[Jan Winhuysen]

Hello!
I think something like the "emerge -u world" command would be useful, perhabs 
"emerge -u security" or so...
-Jan

--
gentoo-dev@gentoo.org mailing list