| 1 |
Is the end result supposed to be that someone could have a box get |
| 2 |
updates in response to GLSAs withouting doing an emerge rsync and a |
| 3 |
world update? |
| 4 |
|
| 5 |
Seems like right now, when a GLSA is issued, they say "update to this |
| 6 |
version" to fix yourself. Which involves an rsync. So the ebuild to |
| 7 |
fix the security hole isn't explicitly for security, its just another |
| 8 |
ebuild as far as Portage knows. |
| 9 |
|
| 10 |
And so if the idea is that someone running a server is wanting to |
| 11 |
abstain from CONSTANTLY updating everything for nothing, but DOES want |
| 12 |
to snag the security updates, this method is a little sloppy, since he'd |
| 13 |
have to rsync and eventually if he abstained too long, the new ebuilds |
| 14 |
to fix security flaws might not work due to deps on other things. |
| 15 |
|
| 16 |
Debian, for example, backports the security fixes for Woody - your |
| 17 |
software doesn't really change after you patch. |
| 18 |
|
| 19 |
Myself, I grabbed the 1.4.1 Portage snapshot and I plan to manually add |
| 20 |
the GLSAs to that and have my stable boxes rsync from that. So really |
| 21 |
the only changes they'd get would be GLSAs, sort of like woody. |
| 22 |
|
| 23 |
Maybe for people who don't want to lock themselves to a portage |
| 24 |
snapshot, there could be something like --glsa to be used in conjunction |
| 25 |
with `emerge rsync` to tell it *just* to pull down the glsa-related |
| 26 |
ebuilds. |
| 27 |
|
| 28 |
I guess my wandering point is that emerging rsync and then updating |
| 29 |
worlds catches GLSA now, but obviously that involves alot of |
| 30 |
time-wasting for a server box. So a glsa-specific technique would mean |
| 31 |
omitting a full rsync and/or world update. But then you'll have to deal |
| 32 |
with the fact that the people just wanting to put glsa updates on |
| 33 |
machines will all have machines with wildly varying versions of software |
| 34 |
and portage trees. So how would that be resolved? |
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-dev@g.o mailing list |
Archives