| 1 |
I think every new *.ebuild could say which -if any- is the |
| 2 |
highest version of which it is a security update. if you |
| 3 |
sync and you have a lower version, emerge -u security |
| 4 |
will execute the new ebuild. This, however, should |
| 5 |
respect major versions; it shouldn't unexpectedly install |
| 6 |
apache2. At the end of the cycle of every major version |
| 7 |
there should be a final ebuild informing the sysadmin |
| 8 |
that the gravy train has come to a stop. |
| 9 |
That might lead to "special gentoo systems", combinations |
| 10 |
of packages of certain versions that are known to work |
| 11 |
well for special tasks, which you only have to update |
| 12 |
for security. He who writes a howto takes a snapshot |
| 13 |
of his system, marks out a few packages, weeds out |
| 14 |
whatever is not a dependency of those, and offers it |
| 15 |
with the assurance that the configuration he describes |
| 16 |
is exact for the system. |
| 17 |
|
| 18 |
-- |
| 19 |
gentoo-security@g.o mailing list |
Archives