1 |
Roy Wright wrote: |
2 |
|
3 |
> Most of the time, I just open an konsole and do the |
4 |
> update. Occasionally I'll postpone if the update looks |
5 |
> really large or time consuming. For major gui components |
6 |
> like KDE or xorg, I'll exit KDE and emerge from the |
7 |
> command line over the weekend (ok, probably overly |
8 |
> cautious, but I was burned once). |
9 |
|
10 |
|
11 |
I have emerged kde and xorg-x11 from within kde without any problems. I |
12 |
was even emerging firefox while surfing the web. I probably played some |
13 |
Doom III too. |
14 |
|
15 |
> Occasionally I'll get a blocking condition. I really think |
16 |
> twice now before just unblocking via package.keywords. |
17 |
> I've found that waiting a day or two might result in |
18 |
> portage handling the unblocking. |
19 |
|
20 |
Firefox is a good example. When mozilla-firefox-1.0.5 came out in ~arch |
21 |
in response to a GLSA, it hit +arch within the next 24-36 hours, if I |
22 |
recall. I would just "ACCEPT_KEYWORDS='~amd64' emerge -a |
23 |
mozilla-firefox" in these situations rather than messing with |
24 |
package.keywords. Then, I'd just keep an eye out for new stable |
25 |
packages and emerge them as appropriate. If you unblock via |
26 |
package.keywords you will be resigning yourself to always using a |
27 |
testing version, thus exposing yourself to more new bugs than if you |
28 |
stayed in stable. |
29 |
|
30 |
However, if you simply wait a day or two, you are leaving yourself |
31 |
susceptible to exploits for that entire time. Think about how many |
32 |
spams arrive in thunderbird in that amount of time. It would only take |
33 |
one hastily written spam exploiting the right vulnerability and then |
34 |
POW! As unlikely as that may be, I'd rather install security updates |
35 |
the very instant I find out about them instead. |
36 |
|
37 |
-- |
38 |
"Pluralitas non est ponenda sine necessitate" - W. of O. |
39 |
|
40 |
-- |
41 |
gentoo-amd64@g.o mailing list |