Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Jason Stubbs <jstubbs@...>
Subject: Re: Kernels and GLSAs
Date: Thu, 22 Sep 2005 11:53:06 +0900
Brad Plant wrote:
>>>Ok, I just checked the security handbook and it only mentions
>>>glsa-check. Ok, its probably my bad... but shouldnt emerge world
>>>merge security updates too?
>>
>>"world" is only the contents of /var/lib/portage/world and their (deep 
>>if using --deep) dependencies. Integration of glsa-check in the form of 
>>"emerge --security" or some such is planned. An "all" target is also 
>>planned.
> 
> Running "emerge -pv depclean" should show any packages not covered by
> "world" right?

Unfortunately, that is *too* correct. Unfortunate in that both 
--depclean and --update only consider USE flags defined in make.conf and 
package.use (and embedded in .tbz2s when using binaries). This means 
that if package "foo" depends on package "bar" due to USE flag "baz" 
being enabled at install time and "baz" is subsequently disabled, "bar" 
becomes an orphaned package as far as the graph goes - even though it is 
still required.

What does this mean in terms of security? The "only install what you 
need" rule is twice as important. Until portage is a little smarter, I 
would consider a "healthy" system to be one where `emerge -uDNvp world` 
shows no differing USE flags and both `emerge -p --depclean` and 
`revdep-rebuild -p` show no packages.

--
Jason Stubbs
-- 
gentoo-security@g.o mailing list


Replies:
Re: Kernels and GLSAs
-- Cameron Blackwood
References:
Re: Kernels and GLSAs
-- Cameron Blackwood
Re: Kernels and GLSAs
-- Jason Stubbs
Re: Kernels and GLSAs
-- Brad Plant
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Kernels and GLSAs
Next by thread:
Re: Kernels and GLSAs
Previous by date:
Re: Kernels and GLSAs
Next by date:
Re: Kernels and GLSAs


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.