On Fri, Feb 21, 2003 at 10:03:06PM +0100, Florian Weimer wrote: > Working package and release signature would be more important at this > point, IMHO. Debian still lacks a secure and moderately automated > mechanism for pulling security updates (and I'm not even talking about > pushing the updates). I would like to see signatures of packages, but I know the issue has been talked to death previously, and if better minds than mine couldn't organize something I'm not sure that I should re-raise the issue without a cunning plan in mind.. As for security updates - what kind of thing did you have in mind? It's fairly simple to setup scripts to notify you when a package upon your system is the target of a security advisory. I've packaged such a beast, and I've seen several other people sharing their solutions. Did you have something more organized in mind? I could imagine a big notification database, where you could choose the role of your server(s) and recieve an email automatically when a security release was made - but if you didn't have the package installed after all, or neglected to keep the "subscription" up to date then this would become a waste of time very quickly. Steve --- # Debian security advisory monitor: http://www.steve.org.uk/Software/debian-updates
Attachment:
pgpIyiECRsc_Y.pgp
Description: PGP signature