Re: automatic security updates

[Christian Schoenebeck <christian.schoenebeck@epost.de>]

Am Dienstag, 30. Juli 2002 23:19 schrieb Waldemar Gorus:
> I would prefer cron, too.
> Another nice way is described in this newsgroup yesterday or some days
> ago. Topic was: "script to do nightly dist-upgrade"
>
> But you should tell apt to answer all question by itself. Do you really
> need an automatic update. What about an automatic mail which reminds you
> to upgrade your system? :-)

Yes, but what does an automatic mail achieve when you're not available? I 
agree that it's not useful to make a complete, automatic update of all 
packages but I think an automatic security update of packages which represent 
a security whole to the system would be more than useful.

Ok, you could say you can make the update when you're back, that's usually 
just a matter of hours, but in my opinion that's some hours too long. One of 
our servers at university recently got an DoS attack just a few hours after 
the corresponding security advisory was posted.

I thought a script that reacts on mails containing security advisories and 
triggering a security update would be the solution. Has anybody already done 
that before or are there any contras?

Regards,

Christian