Control: reassign -1 monitoring-plugins-basic On Mon, Jun 20, 2016 at 04:52:37PM +0200, Christoph Anton Mitterer wrote: > apt however, doesn't upgade: > # apt-get upgrade "apt-get upgrade" is documented to not install new (or remove) packages. It is strictly upgrading only. New packages can introduce new interfaces and especially new (potentially internet-facing) deamons and are hence not "safe" – at least not as safe as just upgrading is which is frequently done unattended (by a program or on "autopilot" by a human). aptitude doesn't have this restricting. "apt upgrade" hasn't either btw. Even "apt-get upgrade" can be told to lift this restriction with "--with-new-pkgs". So, not a bug in apt(-get) – it is a feature! ;) > I'd guess that the check_apt Icinga/Nagios check uses apt-get upgrade > to look for upgradable packages, because it returns: > # /usr/lib/nagios/plugins/check_apt > APT OK: 0 packages available for upgrade (0 critical updates). |available_upgrades=0;;;0 critical_updates=0;;;0 > > Which is bad of course, and the security problem here. I guess the nagios check shouldn't use 'apt-get upgrade', but that depends on what it is supposed to show (aka what its users expect) and what it actually uses (based on "critical updates" I guess it is using its own code, perhaps a binding…) but both I don't know hence reassigning. Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature