[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Javier Fernández-Sanguino Peña wrote:
> On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote:
>> - From the documentation I gather, that update-manager would probably work
>> on kde, but that it just checks, if the package information has changed.
>> This would have to occur either manually or by some cron job, cron-apt
>> etc. So _at least_ it requires reading some manuals and manual
>> configuration. update-notifier also does not suggest or recommend
>> cron-apt or any other backend to commit the required 'aptitude update'.
>>
> 
> Did you actually tried update-notifier on KDE? 

Yes, it was installed on my system for some months, but it never
informed me about any update. (I get informed via
debian-security-announce, though and install updates 'by hand'. )

> update-notifier checks
> himself if the package information has changed periodically. There's no need
> for update-notifier to depend on cron-apt or any 'backend' as it already
> does the job. If you ask it to install new software it will run
> update-manager.

That's what I would expect from its description in 'aptitude show
update-[manager|notifier].

The README, however states a different story:
/============
more /usr/share/doc/update-notifier/README
Upgrade notifier tray icon
- --------------------------

This is a small tray icon that backgrounds itself and checks for
upgrades. It does nothing more. It must be ensured by other means
(like a cron job) that a regular "apt-get update" is done. This is
ensured by installing a option into /etc/apt/apt.conf.d to trigger a
cron update script. It uses FAM to monitor /var/lib/apt/lists/* and
/var/lib/update-notifier/dpkg-run-stamp. If they change it updates it's
status.

Needs libgnomeui2.0-dev and libhal-dev to build and gksu to run.


Based on ideas of Matt Zimmerman und Jeff Waught. Tray example from
Lukas Lipka <lukas@pmad.net>. Lot's of cleanups from Michiel Sikkes.
Thanks!

Michael Vogt
\==============

Note, that I don't even have fam installed, I have gamin for some
reasons I don't know or remember.

My personal conclusion:

Simply installing update-manager (on etch) does not necessarily notify
the user of security updates. It might 'automagically' work in some
situations, but as long as it doesn't do so in _any_ situation it will
just make newbee users feel comfortable, while not providing
notifications about security updates.

Johannes

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGzUIcC1NzPRl9qEURAqLWAJsF/KhVriRFk23Iza9JiDsGVpL53ACaAtLp
bhfbfThn0YX259o8fhDhYow=
=XHPc
-----END PGP SIGNATURE-----
Reply to: