Re: secure installation
Javier Fernández-Sanguino Peña wrote:
> On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote:
>> From the documentation I gather that update-manager would probably work
>> on kde, but that it just checks, if the package information has changed.
>> This would have to occur either manually or by some cron job, cron-apt
>> etc. So _at least_ it requires reading some manuals and manual
>> configuration. update-notifier also does not suggest or recommend
>> cron-apt or any other backend to commit the required 'aptitude update'.
> Did you actually try update-notifier on KDE?
Yes, it was installed on my system for some months, but it never
informed me about any update. (I get informed via
debian-security-announce, though, and install updates 'by hand'.)
> update-notifier checks
> itself if the package information has changed periodically. There's no need
> for update-notifier to depend on cron-apt or any 'backend' as it already
> does the job. If you ask it to install new software it will run
That's what I would expect from its description in 'aptitude show
The README, however, states a different story:

    Upgrade notifier tray icon
    This is a small tray icon that backgrounds itself and checks for
    upgrades. It does nothing more. It must be ensured by other means
    (like a cron job) that a regular "apt-get update" is done. This is
    ensured by installing a option into /etc/apt/apt.conf.d to trigger a
    cron update script. It uses FAM to monitor /var/lib/apt/lists/* and
    /var/lib/update-notifier/dpkg-run-stamp. If they change it updates it's
    Needs libgnomeui2.0-dev and libhal-dev to build and gksu to run.
    Based on ideas of Matt Zimmerman und Jeff Waught. Tray example from
    Lukas Lipka <firstname.lastname@example.org>. Lot's of cleanups from Michiel Sikkes.

Note that I don't even have fam installed; I have gamin for some
reason I don't know or remember.
My personal conclusion:
Simply installing update-manager (on etch) does not necessarily notify
the user of security updates. It might 'automagically' work in some
situations, but as long as it doesn't do so in _any_ situation it will
just make newbie users feel comfortable, while not providing
notifications about security updates.
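
A check for the gap discussed in this message, as an added example that is not part of the original post or of update-notifier: it reads the periodic-update option from APT's configuration and uses file modification times under /var/lib/apt/lists as a heuristic for whether "apt-get update" is really being run. The function names, the `--report` argument and the 2-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of update-notifier: check that something is actually
# refreshing the APT package lists that the tray icon watches.

# Read `apt-config dump` style text on stdin and print the value of
# APT::Periodic::Update-Package-Lists; print 0 (never) when it is not set.
periodic_update_interval() {
    sed -n 's/^APT::Periodic::Update-Package-Lists "\([^"]*\)";.*/\1/p' |
        tail -n 1 | grep . || echo 0
}

# Print the age in whole days of the newest regular file in directory $1.
# Returns 1 when the directory holds no files (lists never downloaded).
newest_file_age_days() {
    newest=""
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest="$f"; fi
    done
    [ -n "$newest" ] || return 1
    mtime=$(stat -c %Y "$newest") || return 1
    echo $(( ($(date +%s) - mtime) / 86400 ))
}

# Succeed only when the newest file in $1 is at most $2 days old.
lists_are_fresh() {
    age=$(newest_file_age_days "$1") || return 1
    [ "$age" -le "$2" ]
}

# Report mode; the 2-day threshold is an assumption chosen for this example.
if [ "${1:-}" = "--report" ]; then
    lists_dir=/var/lib/apt/lists      # path named in the README above
    interval=$(apt-config dump 2>/dev/null | periodic_update_interval)
    echo "APT::Periodic::Update-Package-Lists = $interval"
    if lists_are_fresh "$lists_dir" 2; then
        echo "OK: $lists_dir was refreshed within the last 2 days"
    else
        echo "WARNING: $lists_dir is stale or empty; run 'apt-get update'" \
             "or schedule it (cron job, cron-apt)"
        exit 1
    fi
fi
```

Run it with `--report` from a daily cron job or a login script; a non-zero exit status means the notifier has had nothing new to notice.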