Re: security updates

To: debian-user@lists.debian.org
Subject: Re: security updates
From: Frank Copeland <fjc@wossname.apana.org.au>
Date: Tue, 29 Oct 2002 00:04:02 +1100
Message-id: <[🔎] 20021028130402.GA32129@wossname.apana.org.au>
In-reply-to: <3DBD30D1.4050704@tacocat.net>
References: <[🔎] 3DBD1FAF.40500@tacocat.net> <E18699j-0001Ww-00@wossname.apana.org.au> <3DBD30D1.4050704@tacocat.net>

On Mon, Oct 28, 2002 at 07:42:57AM -0500, Tom Allison wrote:
> Frank Copeland wrote:

Did I forget to reply to the list? Bad me.

> >>Is there some way that I could crontab an apt-get job that would use ONLY 
> >>the security debian site for upgrading?
> >
> >
> >fjc@thingy:~$ apt-show cron-apt
> >Package: cron-apt
> >Priority: optional
> >Section: admin
> >Installed-Size: 73
> >Maintainer: Ola Lundqvist <opal@debian.org>
> >Architecture: all
> >Version: 0.0.6
> >Depends: apt, bash (>= 2.03-6)
> >Filename: pool/main/c/cron-apt/cron-apt_0.0.6_all.deb
> >Size: 7116
> >MD5sum: 92b962041784a61dfdc1e7d505e5627d
> >Description: Automatic update of packages using apt
> > This package contains a tool that is run by a cron job
> > at regular intervals. By default it just updates the package list and
> > download new packages without installing. You can instruct it to run
> > anything that you can do with apt-get.
> > .
> > It also sends mail (configurable) to the system administrator on
> > errors.
> > .
> > Observe that this tool is a security risk, so you should not set it
> > to do more than necessary (automatic upgrade of all packages is NOT
> > recommended).
> >
> I saw this.  It's what I'm looking for, but I want to install, not 
> download, and only for the security source.
> 
> I guess you could say it's a security risk to install any security updates 
> automatically....

If you are tracking stable then the only updates offered are going to
be security updates (well, in theory at least). 

Installing *any* updates automatically is bad, m'kay? Even security
updates can result in major changes; remember the recent OpenSSH
debacle? Every package update potentially requires human intervention.
However, if you really want to do it, cron-apt will let you. Just edit
the relevant file in /etc/cron-apt/action.d and delete the '-d'.

It's undocumented in the version in stable, but cron-apt can be
configured to mail you when an update is downloaded. Just put
"MAILON=upgrade" in /etc/cron-apt/config. Assuming you check your
system admin mail daily, you will be notified immediately when a
security update is available and you can then complete the update
manually.

-- 
Frank Copeland
Home Page: <URL:http://thingy.apana.org.au/~fjc/> 
Not the Scientology Home Page: <URL:http://xenu.apana.org.au/ntshp/>

Reply to:

References:
- security updates
  - From: Tom Allison <tallison@tacocat.net>

Prev by Date: Recording on SB Live
Next by Date: Backup - USBLink External Hard Drive (40 GB)
Previous by thread: Re: security updates
Next by thread: successful server installation, iptables question
Index(es):
- Date
- Thread