Please look to the end of this mail why I am cross-posting to
gentoo-security.

On Fri, Apr 19, 2002 at 04:29:52AM +1000, Todd Wright wrote:
>
> And to the person (Andrew I think) who quoted the following from the gentoo site as a reason for not having release branches...
>
> "*Portage allows you to set up Gentoo Linux the way you like it*..."
>
> It doesn't. Just when I get it how I like it, it changes.

Great line -- I was going to write a lengthy reply to Andrew's mail,
but you put it in one line exactly. (And nailing with =< in
/var/cache/edb/world, while a great step in the right direction, isn't
sufficient; I totally agree!)

Here is my suggestion/wish:

Could one not create an --update security target to emerge? This would
always do --update system, plus check for any updates of installed
packages (probably without consulting the edb/world file, or rather
counterchecking against it (*)) that are "earmarked" security relevant.
If such a beast existed, I could put a cron job calling
    emerge --update security -buildpkg
on my test machine, check every morning and distribute the binaries
to my network of 20+ workstations after quick tests that nothing serious
has been broken.

This target would give me the best of both worlds: Live on the
bleeding edge for my personal machine(s) [which double as test
machines] and have something similar to a frozen major distribution
for the network where my boss, my students and collaborators try
to get their work done.

Oh, and I am happy to try to contribute to following security alerts
and things like that. Unfortunately, I haven't the least clue about
python, so I don't feel comfortable about writing --update security
myself.

Stefan

(*) If a user has nailed a package which has a potential
vulnerability, then the --update security target should yell
at him, but leave the responsibility with the administrator. That
would strike me as good Gentoo philosophy, doesn't it?

--
Stefan Boresch
Institute for Theoretical Chemistry and Structural Molecular Biology
University of Vienna, Waehringerstr. 17 A-1090 Vienna, Austria
Phone: -43-1-427752715 Fax: -43-1-427752790
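
The decision logic proposed in the mail above, sketched as an added example (not part of the original mail and not Portage code): security-earmarked fixes are applied to installed packages, while a package nailed below the fixed version only produces a warning and is left to the administrator. The pin syntax, the simplified version ordering, the function names and all package names and versions are constructed assumptions.

```python
import re

def vkey(version):
    # Simplified ordering: dotted numeric components only (assumption).
    return tuple(int(p) for p in version.split("."))

def parse_pin(line):
    # Assumed pin syntax: "<=cat/pkg-1.2", "=<cat/pkg-1.2" or "=cat/pkg-1.2".
    # Returns (package, highest allowed version key), or None if unpinned.
    m = re.fullmatch(r"(?:<=|=<|=)([\w+-]+/[\w+-]+?)-(\d+(?:\.\d+)*)",
                     line.strip())
    return (m.group(1), vkey(m.group(2))) if m else None

def security_plan(installed, fixes, world_lines):
    """Return (updates, warnings) for security-earmarked fixes.

    installed:   {package: installed version}
    fixes:       {package: first version carrying the security fix}
    world_lines: entries of the world file, some of them pins
    """
    pins = dict(p for p in map(parse_pin, world_lines) if p)
    updates, warnings = [], []
    for pkg, fixed in sorted(fixes.items()):
        have = installed.get(pkg)
        if have is None or vkey(have) >= vkey(fixed):
            continue  # not installed, or already at a fixed version
        if pkg in pins and pins[pkg] < vkey(fixed):
            warnings.append(pkg)  # nailed below the fix: warn, do not touch
        else:
            updates.append((pkg, fixed))
    return updates, warnings

# Constructed sample data (hypothetical packages and versions).
INSTALLED = {"net-misc/exampled": "3.0.2",
             "sys-libs/libexample": "1.1.3",
             "app-editors/sample": "6.1"}
FIXES = {"net-misc/exampled": "3.1", "sys-libs/libexample": "1.1.4"}
WORLD = ["<=net-misc/exampled-3.0.2", "sys-libs/libexample",
         "app-editors/sample"]

if __name__ == "__main__":
    updates, warnings = security_plan(INSTALLED, FIXES, WORLD)
    for pkg, ver in updates:
        print(f"update   {pkg} -> {ver}")
    for pkg in warnings:
        print(f"WARNING  {pkg} is pinned below its security fix")
```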