On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote: > On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote: > > You can trigger the update via ssh or wget. > > The entire scheme strikes me as reinventing a mechanism which has been > existing for years now, being called cron-apt. I don't believe it does. Cron-apt is a pull mechanism (download the latest packages, check if there are upgrades and notify the admin). A mail filter which parses the DSAs and tells people to update is a push mechanism. Notice that in the later (push) you could have somebody review if the update is critical enough, or only tell systems to upgrade once the patch has been tested internally. That seems easier to me than, in the pull system, set up an intermediate mirror of security.debian.org with *approved* updates, have the systems update automatically and have a sysadmin move the updates from the official mirror over to that internal mirror based on whether the update is critical or not. Also, in my mind's view, a push mechanism is bound to be more effective than probing the security mirror daily and could also be capable of narrowing the time between patch release and installation (if automated) since you don't have to wait for a given point in time to make the check. Florian, in any case, I see no mentioning of where those scripts being available. Are they? Regards Javier
Attachment:
signature.asc
Description: Digital signature