Hosting Provided By

Re: secure installation

From: Johannes Wiedersich <johannes(at)physik.blm.tu-muenchen.de>
Date: Thu Aug 23 2007 - 04:15:25 EDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Javier Fernández-Sanguino Peña wrote:
> On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote:

>> - From the documentation I gather, that update-manager would probably work
>> on kde, but that it just checks, if the package information has changed.
>> This would have to occur either manually or by some cron job, cron-apt
>> etc. So _at least_ it requires reading some manuals and manual
>> configuration. update-notifier also does not suggest or recommend
>> cron-apt or any other backend to commit the required 'aptitude update'.
>>

>
> Did you actually tried update-notifier on KDE?

Yes, it was installed on my system for some months, but it never informed me about any update. (I get informed via debian-security-announce, though and install updates 'by hand'. )

> update-notifier checks
> himself if the package information has changed periodically. There's no need
> for update-notifier to depend on cron-apt or any 'backend' as it already
> does the job. If you ask it to install new software it will run
> update-manager.

That's what I would expect from its description in 'aptitude show update-[manager|notifier].

The README, however states a different story: /============
more /usr/share/doc/update-notifier/README Upgrade notifier tray icon

- --------------------------

This is a small tray icon that backgrounds itself and checks for upgrades. It does nothing more. It must be ensured by other means (like a cron job) that a regular "apt-get update" is done. This is ensured by installing a option into /etc/apt/apt.conf.d to trigger a cron update script. It uses FAM to monitor /var/lib/apt/lists/* and /var/lib/update-notifier/dpkg-run-stamp. If they change it updates it's status.

Needs libgnomeui2.0-dev and libhal-dev to build and gksu to run.

Do you need help?

Based on ideas of Matt Zimmerman und Jeff Waught. Tray example from Lukas Lipka <lukas@pmad.net>. Lot's of cleanups from Michiel Sikkes. Thanks!

Michael Vogt
\==============

Note, that I don't even have fam installed, I have gamin for some reasons I don't know or remember.

My personal conclusion:

Simply installing update-manager (on etch) does not necessarily notify the user of security updates. It might 'automagically' work in some situations, but as long as it doesn't do so in _any_ situation it will just make newbee users feel comfortable, while not providing notifications about security updates.

Johannes

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGzUIcC1NzPRl9qEURAqLWAJsF/KhVriRFk23Iza9JiDsGVpL53ACaAtLp bhfbfThn0YX259o8fhDhYow=
=XHPc
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Thu Aug 23 04:17:15 2007

Do you need more help?

This message: [ Message body ]
Next message: Giacomo Mulas: "Re: secure installation"
Previous message: Javier Fernández-Sanguino Peña: "Re: secure installation"
In reply to: Javier Fernández-Sanguino Peña: "Re: secure installation"
Next in thread: Giacomo Mulas: "Re: secure installation"
Reply: Giacomo Mulas: "Re: secure installation"
Reply: Javier Fernández-Sanguino Peña: "Re: secure installation"
Reply: Javier Fernández-Sanguino Peña: "Re: secure installation"
Reply: Johannes Wiedersich: "Re: secure installation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:52:54 EDT