
Re: Manually getting security updates



On Thu, May 08, 2003 at 02:36:54PM -0400, Matt Zimmerman wrote:
> 
> If the problem is with HTTP access out from this particular network segment,
> why not put a proxy/mirror inside that network segment?  Then you only need
> to manually transfer the package lists to that one server, and the others
> can point to that.

We have multiple segments, none of which are allowed HTTP access and none 
of which are allowed to make inbound connections into the NOC segment. 
Putting an apt-proxy in each segment is not feasible, and having one that 
all segments probably isn't permissible either. I love security.
 
> > [1] it's the manual acquisition back in the NOC that has me a bit stumped 
> > as how to achieve. I want to use our apt-proxy and I would have thought 
> > that apt-get would be the way to go, however if you try to do an "apt-get 
> > -d package" on a package that's already up to date locally (and you don't 
> > already have the .deb in /var/cache/apt/archives) there's no way to get 
> > apt-get to just download it.
> 
> It sounds like you want --print-uris instead of -s, no?  That prints out
> URLs for downloading the needed packages.

Only if apt-get decides it wants to download said package. I didn't want 
to have to require the box back in the NOC to have its package list match 
the package list on the servers in the infrastructure, because they quite 
possibly be at different versions of packages at the moment.

> > debget seems to not be what I want, it doesn't appear to consult a local 
> > Packages file, it wants to pop off and check out an FTP site, which isn't 
> > feasible from our NOC. I really want something APT aware.
> 
> There is a debget in debian-goodies which uses apt to do its work, but I
> don't think either debget is what you want.  debget is for fetching
> individual packages, and you want to get all of the packages necessary to
> upgrade a server.

It doesn't bother me to fetch the packages individually, as using the 
previously described method, they'll be identified as required 
individually.

> > I've sent an email to apt@packages.debian.org already, but I haven't heard
> > anything back yet.
> 
> That's not a support address (neither is debian-devel, for that matter).

I would have thought the (one person?) APT team would provide some support
for their package? I apologise if I'm out of place emailing here, I just
figure all the packaging system clue is going to be most concentrated in
-devel.

Andrew
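
An added example, not part of the message above or of APT itself: one way to resolve an exact package name and version to a download URL straight from a Packages index, independent of what the local box has installed, and to check the transferred .deb against the size and SHA256 listed there. The sample index, the sample payload and the mirror URL passed to `locate` are constructed for illustration.

```python
import hashlib
import re

# Constructed stand-in for a downloaded .deb and for the Packages index that
# lists it; a real index would come from the mirror's Packages file.
SAMPLE_DEB = b"constructed package payload"
SAMPLE_PACKAGES = f"""\
Package: examplepkg
Version: 1.0-1
Filename: pool/main/e/examplepkg/examplepkg_1.0-1_i386.deb
Size: 5
SHA256: {'0' * 64}

Package: examplepkg
Version: 1.0-2
Filename: pool/updates/main/e/examplepkg/examplepkg_1.0-2_i386.deb
Size: {len(SAMPLE_DEB)}
SHA256: {hashlib.sha256(SAMPLE_DEB).hexdigest()}
Description: constructed entry
 with a continuation line
"""

def parse_packages(text):
    """Parse a Packages index into a list of {field: value} stanzas."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:   # continuation of previous field
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, _, value = line.partition(":")
                fields[last] = value.strip()
        if "Package" in fields:
            stanzas.append(fields)
    return stanzas

def locate(stanzas, name, version, mirror):
    """Return (url, size, sha256) for an exact name/version, or None."""
    for s in stanzas:
        if s["Package"] == name and s.get("Version") == version:
            return f"{mirror.rstrip('/')}/{s['Filename']}", int(s["Size"]), s["SHA256"].lower()
    return None

def verify(data, size, sha256):
    """Check transferred bytes against the size and digest from the index."""
    return len(data) == size and hashlib.sha256(data).hexdigest() == sha256
```

The digest check only shows that the .deb matches the index, so it is only as trustworthy as the Packages file it reads.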


