1 |
Hello, Robert: |
2 |
|
3 |
Robert Buchholz wrote: |
4 |
> On Monday 21 July 2008, Aleksey V Lazar wrote: |
5 |
> |
6 |
>> Hello. Would it be reasonable to suggest adding a ~security (or |
7 |
>> something like it) flag to denote packages masked for security |
8 |
>> reasons? |
9 |
>> |
10 |
> |
11 |
> Hi Aleksey, |
12 |
> |
13 |
> since entries package.mask only contain free text description as an |
14 |
> additional information, such a feature would require the package |
15 |
> manager to decide which entries are security maskings, and which are |
16 |
> feature maskings. While that could be done using |
17 |
> restrictions/conventions within the text, I am sure our package manager |
18 |
> developers would disagree with such a design. A "package.security.mask" |
19 |
> file might be more appropriate for that. |
20 |
> |
21 |
Are you saying that security mask entries would go into the |
22 |
package.security.mask and feature/other to package.mask? I think this |
23 |
would make sense. |
24 |
> My question now is, why would you want such a thing? Masked packages all |
25 |
> have different reasons to be there, and you should decide to use one on |
26 |
> a case-by-case basis. |
27 |
> |
28 |
I described in some more detail what I was thinking about in my previous |
29 |
post to this list. |
30 |
|
31 |
To answer your question, I think a feature like this would be very |
32 |
useful, because it would remove barriers for identifying packages with |
33 |
security issues. For example, I don't update my gentoo system daily, |
34 |
but I would update it as often as necessary to keep it secure. |
35 |
Currently (to the best of my understanding) there is no easy way (e.g.: |
36 |
an /emerge/ option) to identify and update only the packages that have |
37 |
security fixes. I would have to do some digging to find out what |
38 |
packages and evaluate each package separately. So I think there would |
39 |
be value in separating security masking from other types. To summarize, |
40 |
I think this would accomplish the following: |
41 |
|
42 |
1. Easily identify packages masked for security reasons. |
43 |
2. Easily identified installed packages that have security issues/fixes |
44 |
available. |
45 |
3. Option for /emerge/ to only update packages with security fixes |
46 |
|
47 |
Thank you for consideration. |
48 |
Aleksey |
49 |
> Regards, |
50 |
> Robert |
51 |
> |
52 |
> |
53 |
|
54 |
-- |
55 |
Aleksey V. Lazar |
56 |
Website Development |
57 |
Memorial Library 3010 |
58 |
Minnesota State University |
59 |
Mankato, MN 56001 |
60 |
http://www.mnsu.edu/ |
61 |
Tel.: 1-507-389-2480 |