[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

On Thu, Aug 23, 2007 at 10:15:25AM +0200, Johannes Wiedersich wrote:
> Simply installing update-manager (on etch) does not necessarily notify
> the user of security updates. It might 'automagically' work in some
> situations, but as long as it doesn't do so in _any_ situation it will
> just make newbee users feel comfortable, while not providing
> notifications about security updates.

I've further investigated this issue. The fact is, the tool that *actually*
updates the package database is /etc/cron.daily/apt, that task is installed
by Apt, you don't need cron-apt to do it. 

This cron task uses the Apt::Periodic [1] configuration which is set, for
example, in GNOME through the /usr/bin/software-properties application
(called in by the desktop System -> Admin ->Software origins -> Updates).
Through the GUI you can be set when check for updates (and modify Apt's
configuration accordingly). I believe by default, in GNOME, it is configured
to download the lists (but no the packages themselves) daily.

The fact that update-notifier doesn't work in KDE for you might be because
either you don't have installed (or KDE lacks) and application that handles
that piece of Apt's configuration for you, or maybe because some other
application mangled it.

In my /etc/apt/apt.conf.d/10periodic file (file installed by update-manager)
I have this:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";

You probably have something else there?



[1] A configuration option of Apt which is used, but currently not
documented :) (#438559)

Attachment: signature.asc
Description: Digital signature

Reply to: