Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: "Cameron Blackwood" <korg@...>
Subject: Re: Kernels and GLSAs
Date: Thu, 22 Sep 2005 13:46:22 +1000
Jason Stubbs writes:
  |
  | Unfortunately, that is *too* correct. Unfortunate in that both 
  | --depclean and --update only consider USE flags defined in make.conf and 
  | package.use (and embedded in .tbz2s when using binaries). This means 
  | that if package "foo" depends on package "bar" due to USE flag "baz" 
  | being enabled at install time and "baz" is subsequently disabled, "bar" 
  | becomes an orphaned package as far as the graph goes - even though it is 
  | still required.
  | 
  | What does this mean in terms of security? The "only install what you 
  | need" rule is twice as important. Until portage is a little smarter, I 
  | would consider a "healthy" system to be one where `emerge -uDNvp world` 
  | shows no differing USE flags and both `emerge -p --depclean` and 
  | `revdep-rebuild -p` show no packages.
  | 


eeek! depclean wants to remove portmap and screen and all this other
stuff I need.  Ah, because it isnt in /var/lib/portage/world I
guess... it seems Ive overestimated emerge's work.


Ok, so just to get this _totally_ clear, I should: 


   * manally place package names I need in /var/lib/portage/world

   * check my install with
        emerge sync
        emerge -uDNpv world
        revdep-rebuild -p
        glsa-check -l |& grep '\[N\]'

   * update any packages listed by those last 3 commands


Maybe Im just too lazy, but there must be a set of 'best' commands 
to update/check a system documented/written down somewhere? Hopefully
in a possibly automated way. If there isnt, then lets try and cobble
one together. :)


Ah, the simple days when I'd get a list of packages I wanted to keep,
remove them from an   rpm -qa   and then keep trying to remove every
package left until there was no change (and depend on dependancy
trees to keep stuff that I need). :)


cheers,
cam


--
 / `Rev Dr'   cam  at darkqueen.org            Roleplaying, virtual goth \
<   http://darkqueen.org        Poly, *nix, Python, C/C++, genetics, ATM  >
 \  [+61 3] 9809 1523[h]         skeptic, Evil GM(tm). Sysadmin for hire /
                      ---------- Random Quote ----------
Rev. Jim:	What does an amber light mean?                                 
Bobby:		Slow down.
Rev. Jim:	What...   does...  an...  amber...  light...  mean?
Bobby:		Slow down.
Rev. Jim:	What....     does....     an....     amber....     light....
-- 
gentoo-security@g.o mailing list


Replies:
Re: Kernels and GLSAs
-- Kevin Bryan
References:
Re: Kernels and GLSAs
-- Jason Stubbs
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Kernels and GLSAs
Next by thread:
Re: Kernels and GLSAs
Previous by date:
Re: Kernels and GLSAs
Next by date:
Re: Kernels and GLSAs


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.