RE: Apt-get only security patches
Hi again,
Thank you for all the feedback and sorry for the controversy of stating
that "mime-support" does not seem like a security update. Actually, I
usually will allow the update, for I don't always have the time to try
to stay up to date on all the security issues. I simply used this as an
example, for my machine wanted to update this immediately and there is
no clear indication of why the update should happen. However, what I am
after is a way of distinguishing easily between updates. A solution
might be to simply include an "upgrade description" that shows you why
the update is available.
Looking at unstable this morning [I fully understand the consequences of
running unstable, this is simply another example!]
davinci:~# apt-get upgrade -u
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages have been kept back
alsa-base cpp docbook-xml dpkg e2fsprogs g++ gcc libldap2 libmng1
libpaperg libpng2 mc menu mutt python-newt reportbug samba samba-common
shorewall smbclient smbfs swat sysvinit
wenglish whiptail xmhtml1 xprt
The following packages will be upgraded
apt apt-utils aterm bonobo-activation gcc-3.3-base gv
libbonobo-activation4 libg2c0 libgcc1 libstdc++5 samba-doc sed
12 packages upgraded, 0 newly installed, 0 to remove and 27 not
upgraded.
Need to get 4201kB of archives. After unpacking 139kB will be used.
Do you want to continue? [Y/n]
What I would have liked to see was something like this: [Please think of
this in terms of "stable" or "testing"]
Package                 Class
====================================
apt                     Security
apt-utils               Security
aterm                   Features
bonobo-activation       Test
gcc-3.3-base            Test
gv                      Test
libbonobo-activation4   Test
libg2c0                 Test
libgcc1                 Features
libstdc++5              Security
samba-doc               Test
Sed                     Features
And then maybe I could tell apt-get to only load the security patches.
Another way would have been to class the updates very much in the same
way as dselect does, perhaps showing "Important" or "Crucial" for
security fixes.
Any ideas?
Rudolph
> -----Original Message-----
> From: Nick Boyce [mailto:nick@glimmer.demon.co.uk]
> Sent: 08 May 2003 02:20 AM
> To: debian-security@lists.debian.org
> Subject: Re: Apt-get only security patches
>
>
> On Wed, 7 May 2003 10:35:45 +0200, Rudolph van Graan wrote:
>
> >... For example on one of my "stable" machines,
> >the following happens when I do apt-get upgrade -u:
> >
> >The following packages will be upgraded
> > kdewallpapers mime-support
> >2 packages upgraded, 0 newly installed, 0 to remove and 0
> not upgraded.
> >Need to get 0B/1030kB of archives. After unpacking 105kB
> will be freed.
> >Do you want to continue? [Y/n]
> >
> >Obviously neither is of real security importance
>
> The mime-support update *is* a security update !
>
> See http://www.debian.org/security/2003/dsa-292
>
> "When a temporary file is to be used it is created insecurely"
>
> "allows local users to overwrite arbitrary files via a symlink attack
> on temporary files"
>
> So if you're the only user on the machine then I suppose you needn't
> worry.
>
> Cheers
>
> Nick Boyce
> Bristol, UK
> --
> There is no spoon.
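One way to get the "Package / Class" view asked for above, as an added example that is not part of the original message or of apt itself: classify each pending upgrade by the archive its candidate version comes from. It assumes the `Inst <pkg> [<old>] (<new> <Origin>:<suite>)` line format printed by `apt-get -s upgrade` and the origin label `Debian-Security`; the versions and origins in the sample are constructed.

```shell
#!/bin/sh
# Added example: split pending upgrades into "Security" and "Other".
# Assumption: simulated-upgrade lines look like
#   Inst <pkg> [<installed>] (<candidate> <Origin>:<suite>[, <Origin>:<suite>...])

classify_upgrades() {
    # Reads simulation output on stdin, prints "<package> <class>" per upgrade.
    awk '
        $1 != "Inst" { next }            # skip Conf lines and progress messages
        {
            pkg = $2
            start = index($0, "(")       # candidate version and its sources
            if (start == 0) { print pkg, "Unknown"; next }
            src = substr($0, start + 1)
            sub(/\).*$/, "", src)
            # Security if any listed source is the security archive
            cls = (src ~ /Debian-Security:/) ? "Security" : "Other"
            print pkg, cls
        }
    '
}

security_only() {
    # Names of packages whose candidate comes from the security archive.
    classify_upgrades | awk '$2 == "Security" { print $1 }'
}

sample_simulation() {
    # Constructed sample: package names from the message, made-up versions.
    cat <<'EOF'
Reading Package Lists... Done
Building Dependency Tree... Done
Inst apt [1.0-1] (1.0-2 Debian-Security:stable)
Inst apt-utils [1.0-1] (1.0-2 Debian-Security:stable)
Inst aterm [1.0-1] (1.0-2 Debian:stable)
Inst libstdc++5 [1.0-1] (1.0-2 Debian:stable, Debian-Security:stable)
Inst sed [1.0-1] (1.0-2 Debian:stable)
Conf apt (1.0-2 Debian-Security:stable)
Conf sed (1.0-2 Debian:stable)
EOF
}

# Stand-alone run: print the classification table for the sample.
sample_simulation | classify_upgrades
```

On a live system the input would come from `apt-get -s upgrade` rather than the sample, and the names printed by `security_only` are the ones to review against the published advisories.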