From: Sam Halicke <tuscantwelve@gmail.com>
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] glsa-check and unused packages
Date: Sat, 10 Sep 2005 19:37:04 -0700 [thread overview]
Message-ID: <ABAF7CBD-9B40-4151-A026-825D25132B29@gmail.com> (raw)
In-Reply-To: <1126395465.18094.36.camel@bunyip>
On Sep 10, 2005, at 4:37 PM, W.Kenworthy wrote:
> use "glsa-check -f package" on each offender first. It will safely
> remove the bad packages.
>
> Due to its history of breaking systems, depclean should be left until
> absolutely necessary.
>
> BillK
>
> On Sat, 2005-09-10 at 15:35 -0700, Ben Munat wrote:
>
>> Owen Ford wrote:
>>
>>> On Sat, 2005-09-10 at 11:49 -0700, Ben Munat wrote:
>>>
>>>
>>>> First, glsa-check claims that I'm vulnerable to 200412-02 and
>>>> 200505-01. The first is
>>>> pdflib and the second is various horde packages. However, I have
>>>> the current versions of
>>>> these installed -- the versions that the glsa says I need to
>>>> solve the vulnerability. So,
>>>> why would glsa-check say I'm vulnerable when I'm not?
>>>>
>>>
>>>
>>> There are probably versions of those packages slotted. I use
>>> emerge -Cp
>>> package to see which are installed.
>>>
>>>
>>
>> Very good... exactly the problem. Thanks.
>>
>> As for dealing with all my orphaned packages, I'm figuring on
>> going through the output of
>> "emerge --depclean" and unmerging everything that comes up with no
>> dependencies under
>> "equery depends" and is something that I don't think I'll use.
>> Does that sound reasonable?
>>
>> Oh, and I'm assuming that "equery depends" just checks for
>> installed packages that depend
>> on the given package... anyone know any way to check a package's
>> dependency against the
>> entire portage tree?
>>
>> b
>>
> --
> gentoo-server@gentoo.org mailing list
>
>
Absolutely agreed with BillK. As I said in my first mail, I have had
BAD experiences with --depclean. His solution is best. However, glsa-
check --fix is not the most trustworthy of solutions. On a production
system always check the ChangeLog and use your own best judgment.
--
gentoo-server@gentoo.org mailing list
next prev parent reply other threads:[~2005-09-11 2:38 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-10 18:49 [gentoo-server] glsa-check and unused packages Ben Munat
2005-09-10 19:44 ` Owen Ford
2005-09-10 22:35 ` Ben Munat
2005-09-10 23:37 ` W.Kenworthy
2005-09-11 2:37 ` Sam Halicke [this message]
2005-09-21 5:20 ` A. Khattri
2005-09-21 6:26 ` W.Kenworthy
2005-09-21 14:51 ` Pierre Cassimans
-- strict thread matches above, loose matches on Subject: below --
2005-09-12 15:20 Christopher Schwerdt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ABAF7CBD-9B40-4151-A026-825D25132B29@gmail.com \
--to=tuscantwelve@gmail.com \
--cc=gentoo-server@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox