[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problem with automatic upgrade (changed conffile)

On Mon, Sep 19, 2005 at 12:29:38AM +0200, Kjetil Kjernsmo wrote:
> On mandag 19 september 2005, 00:18, Hans Ekbrand wrote:
> > > You must
> > > expect issues like these, it is a feature... :-)
> >
> > Not getting security updates automatically installed a feature? Not
> > in my world!
> Well, imagine the security.debian.org box getting compromised, and the 
> attacker pumping out a trojanned "security" upgrade. You install it 
> automatically before the Debian folks take the box out. The attacker 
> has your IP too... That's a serious single point of failure for the 
> entire community, you know... 

That's a interesting point, but not relevant in the current
discussion. Note that I do get automatic security updates on all
packages in which I have not changed any conffile. If it were a
feature not to get automatic installing of security updates, then that
would be some kind of bug, don't you think.

My question is:

"How do I do to get automatic security updates also for packages that
I have changed a conffile in?"

> I prefer to read and understand the DSA, and check that the DSA is 
> signed with a key I trust (I'm just a hop from joey) before I do a 
> manual apt-get upgrade on affected machines.
> But YMMV, that's just me.

I understand the risk of automating security upgrades, but I consider
relying on installing security updates by hand to be worse, since I
don't think I will have the time (or opportunity) to keep up with the
security updates.

Note that I use Debian version 3.1
Linux emac140 2.6.8-2-686 #1 Mon Jan 24 03:58:38 EST 2005 i686 GNU/Linux
Hans Ekbrand (http://sociologi.cjb.net) <hans@sociologi.cjb.net>
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?

Attachment: signature.asc
Description: Digital signature

Reply to: