| 1 |
Please look to the end of this mail why I am cross-posting to |
| 2 |
gentoo-security. |
| 3 |
|
| 4 |
On Fri, Apr 19, 2002 at 04:29:52AM +1000, Todd Wright wrote: |
| 5 |
> |
| 6 |
> And to the person (Andrew I think) who quoted the following from the gentoo site as a reason for not having release branches... |
| 7 |
> |
| 8 |
> "*Portage allows you to set up Gentoo Linux the way you like it*..." |
| 9 |
> |
| 10 |
> It doesnt. Just when I get it how I like it, it changes. |
| 11 |
|
| 12 |
Great line -- I was going to write a lengthy reply to Andrew's mail, |
| 13 |
but you put it in one line exactly. (And nailing with =< in |
| 14 |
/var/cache/edb/world, while a great step in the right direction, isn't |
| 15 |
sufficient; I totally agree!) |
| 16 |
|
| 17 |
Here is my suggestion/wish: |
| 18 |
|
| 19 |
Could one not create an --update security target to emerge. This would |
| 20 |
always do --update system, plus check for any updates of installed |
| 21 |
packages (probably without consulting the edb/world file, or rather |
| 22 |
counterchecking against it (*)) that are "earmarked" security relevant. |
| 23 |
If such a beast existed, I could put a cron job calling |
| 24 |
emerge --update security -buildpkg |
| 25 |
on my test machine, check every morning and distribute the binaries |
| 26 |
to my network of 20+ workstations after quick tests that nothing serious |
| 27 |
has been broken. |
| 28 |
|
| 29 |
This target would give me the best of both worlds: Live on the |
| 30 |
bleeding edge for my personal machine(s) [ which double as test |
| 31 |
machines] and have something similar to a frozen major distribution |
| 32 |
for the network where my boss, my students and collaborators try |
| 33 |
to get their work done. |
| 34 |
|
| 35 |
Oh, and I am happy to try contribute to following security alerts |
| 36 |
and things like that. Unfortunately, I haven't the least clue about |
| 37 |
python, so I don't feel comfortable about writing --update security |
| 38 |
myself. |
| 39 |
|
| 40 |
Stefan |
| 41 |
|
| 42 |
(*) If a user has nailed a package which has a potential |
| 43 |
vulnerability, then the --update security target should yell |
| 44 |
at him, but leave the responsibility with the administrator. That |
| 45 |
would strike me as good Gentoo philosophy, doesn't it? |
| 46 |
|
| 47 |
-- |
| 48 |
Stefan Boresch |
| 49 |
Institute for Theoretical Chemistry and Structural Molecular Biology |
| 50 |
University of Vienna, Waehringerstr. 17 A-1090 Vienna, Austria |
| 51 |
Phone: -43-1-427752715 Fax: -43-1-427752790 |
Archives