[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Update only of security vulnerabilities?

Op 09-04-15 om 11:31 schreef Rafał Radecki:
> Hi All :)
> Is usage of
> 1) # unattended-upgrade --dry-run
> command with proper configuration of
> /etc/apt/apt.conf.d/50unattended-upgrades file the best choice for
> checking available security updates?
> Another options as I found are: 
> 2) #apt-get -s dist-upgrade | grep "^Inst" | grep -i security"
> 3) put all security repositories to a dedicated file (for example
> /etc/apt/security.sources.list) and run
> #apt-get -u upgrade --assume-no -o
> Dir::Etc::SourceList=/etc/apt/security.sources.list
> I found that in CentOS for example checking of available security
> updates is broken because of lack of errata info in their official
> repositories. So I want to be SURE that I am using the best command for
> the task :)
> How are you performing such checking?

Maybe unattented-upgrade is fine for you if you want only the security
updates. But I want a full "apt-get dist-upgrade". So I don't use the
stock unattended-upgrade of Wheezy. But unattended-upgrade in Jessie is
fine, when using a "*" config. See
/usr/share/doc/unattended-upgrade/README or something like that for the

For Wheezy I use a backport what I've made myself. This is what I do:
Wheezy: http://vandervlis.nl/files/unat7
Jessie: http://vandervlis.nl/files/unat8

What I would like is autmatic install but only after a few days. I am
working on a script what does that. It's not well tested at the moment:

With regards,
Paul van der Vlis.

Paul van der Vlis Linux systeembeheer, Groningen

Reply to: