Re: automatic security updates



On Wednesday, 31 July 2002 19:43, John Hasler wrote:
> Christian Schoenebeck writes:
> > I thought a script that reacts on mails containing security advisories
> > and triggering a security update would be the solution.
>
> What does that do that a script pointing apt at the security archive and
> doing 'apt-get update; apt-get upgrade' doesn't?

Yes, something like that. The script should somehow manage to use just the
security resources to update the package list, so that only packages with
security-related problems will be updated. Otherwise it would update every
unnecessary package on its own. For this there would be two ways: comment out
every resource in /etc/apt/sources.list except "deb http://security.bla"; or,
better, just temporarily replace the list with another one with just these sources.

Should the script have a limit? For example, max. 3 updates per hour? That
could avoid a DoS attack by people who know about the mechanism and are
sending emails to the server containing the right keywords to trigger an
update.

What is the best way to react to emails? We're using exim. Can I process
emails with exim and let it automatically start a script if it receives such a
security advisory, or do I need something like procmail?

Regards
Christian
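
The two ideas in this message, a temporary list holding only the security sources and a cap of 3 runs per hour, sketched as an added example that is not part of the original post. The state file path, the variable and function names, and the rule that a security source is a `deb` line whose host starts with `security.` are assumptions; the `Dir::Etc::SourceList` and `Dir::Etc::SourceParts` overrides need an apt version that supports them.

```shell
#!/bin/sh
# Added example, not from the thread. STATE, MAX_PER_HOUR and the function
# names are assumptions made for this sketch.
STATE="${STATE:-/var/lib/secupdate/runs}"   # one epoch timestamp per line
MAX_PER_HOUR="${MAX_PER_HOUR:-3}"

# Print the active deb lines of sources.list ($1) whose host starts with
# "security." (assumption: that is how the security archive is named).
security_sources() {
    grep -E '^deb(-src)?[[:space:]]+[a-z]+://security\.' "$1"
}

# $1 = current epoch seconds. Succeeds and records the run when fewer than
# MAX_PER_HOUR runs are on record for the past hour; otherwise fails.
rate_ok() {
    mkdir -p "$(dirname "$STATE")" && touch "$STATE" || return 1
    awk -v now="$1" 'now - $1 < 3600' "$STATE" > "$STATE.tmp" &&
        mv "$STATE.tmp" "$STATE" || return 1
    [ "$(awk 'END { print NR }' "$STATE")" -lt "$MAX_PER_HOUR" ] || return 1
    echo "$1" >> "$STATE"
}

# Run update/upgrade against a temporary list that holds only the security
# sources, leaving /etc/apt/sources.list untouched.
run_update() {
    list=$(mktemp) || return 1
    if security_sources /etc/apt/sources.list > "$list"; then
        opts="-o Dir::Etc::SourceList=$list -o Dir::Etc::SourceParts=/dev/null"
        apt-get $opts update && apt-get $opts -y upgrade
        rc=$?
    else
        echo "no security sources found" >&2
        rc=1
    fi
    rm -f "$list"
    return "$rc"
}

# The mail only triggers the run; nothing from the message is read or passed on.
if [ "${1:-}" = "--run" ]; then
    rate_ok "$(date +%s)" && run_update
fi
```

Rejected attempts are not recorded, so a flood of trigger mails cannot push the window forward; if several mails can be delivered at the same moment, the state file additionally needs a lock.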