I think every new *.ebuild could say which -if any- is the
highest version of which it is a security update. If you
sync and you have a lower version, emerge -u security
will execute the new ebuild. This, however, should
respect major versions; it shouldn't unexpectedly install
apache2. At the end of the cycle of every major version
there should be a final ebuild informing the sysadmin
that the gravy train has come to a stop.

That might lead to "special gentoo systems", combinations
of packages of certain versions that are known to work
well for special tasks, which you only have to update
for security. He who writes a howto takes a snapshot
of his system, marks out a few packages, weeds out
whatever is not a dependency of those, and offers it
with the assurance that the configuration he describes
is exact for the system.

--
gentoo-security@g.o mailing list