From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-5651-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 19846 invoked by uid 1002); 15 Aug 2003 05:31:41 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 23577 invoked from network); 15 Aug 2003 05:31:40 -0000
Date: Fri, 15 Aug 2003 07:31:33 +0200
From: Marius Mauch <genone@genone.de>
To: gentoo-dev@gentoo.org
Message-Id: <20030815073133.30d97b62.genone@genone.de>
In-Reply-To: <1060754363.3361.4.camel@amd.vsen.dk>
References: <1060754363.3361.4.camel@amd.vsen.dk>
X-Mailer: Sylpheed version 0.9.4claws (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [gentoo-dev] security updates only?
X-Archives-Salt: ba313015-3fd0-49b9-b9fa-0f0bf08be44a
X-Archives-Hash: 5ae580a0e40c4678962172368e8df99c

On 13 Aug 2003 07:59:23 +0200
Klavs Klavsen <kl@vsen.dk> wrote:

> Hi guys,
> 
> I know there has been several requests (also from me) asking for a way
> to do security updates only.
> 
> Something like emerge -s world --nodeps (should update every package
> that has had a GLSA for it if the version matches the GLSA(s)) would
> IMHO be very cool and very much needed. Then I bet many people would
> set that to update automagically - which should be possible - would
> help security a whole lot :)
> 
> I'm no python programmer (atleast not yet - a frind of mine tells me
> it's quite easy, and a cool language :) - and I don't know how well
> portage is structured, but I think this security thing could easily be
> accomplished, if the GLSA's were added to the tree (why shouldn't they
> - they don't take up much space, and why should people have to go to
> the webpage, or receive an email to get notified?).
> 
> What do you think?

I wrote a small prototype for that, but it needs support from the
GLSA guys as it is very difficult to get the GLSA from a script as they
are only published at different mailing lists and the forums. Another
issue is that my script works with XML versions of GLSA, so someone
needs to convert the plaintext versions.
Code, DTD and sample XML GLSA are available at
http://gentoo.devel-net.org/glsa/ .

Marius

--
gentoo-dev@gentoo.org mailing list