Re: [expert] Why is urpmi such a pain in the ...?
On Friday 19 Sep 2003 3:43 am, Vincent Danen wrote: On Thu Sep 18, 2003 at 07:29:36PM -0700, James Sparenberg wrote: Thanks from here too for the hard work you do Vincent. Tuning in to the list on top of security updates is over and above the call of duty :-) =) Unfortunately, there's no one else active on the expert list.. the developers are (understandably) taken up on the cooker list, so someone has to hang out here with the experts... =) Vincent, Why is it I detect a sense of wry sarcasm in that last word. *grin* Ummm... no sarcasm here... honest. =) Seriously, tho, I sometimes think this list is full of experts, then other times I think all the newbies on the newbie list hang out here just to question the minority experts, but that could just be me. =) Either way is fine and I'm happy to hang out with the experts/newbies alike. I suspect that the noise/signal ratio on the newbie list puts some people off. Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Fri, 2003-09-19 at 01:19, Anne Wilson wrote: ... Why is it I detect a sense of wry sarcasm in that last word. *grin* Ummm... no sarcasm here... honest. =) Seriously, tho, I sometimes think this list is full of experts, then other times I think all the newbies on the newbie list hang out here just to question the minority experts, but that could just be me. =) Either way is fine and I'm happy to hang out with the experts/newbies alike. I suspect that the noise/signal ratio on the newbie list puts some people off. Anne :g/newbie/s//expert/g We've had some pretty bad s/n problems here, remember when Todd had to get mean? :-) As I've said before, there shouldn't be multiple lists with self-selecting categories of newbie and expert. One list to rule them all, with an iron-fisted moderator, mu-whahahah! And... sympa sucks! -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Thursday 18 Sep 2003 12:14 am, Vincent Danen wrote: With all that in mind, I think this one-man operation is pretty damn speedy. absolutely, but... let's step into the managerial mind for a little while: Well, let's put this properly. Vincent doesn't *need* help. Vincent would like help. Vincent's wife would like help. But Vincent is a trooper and can do the job he is paid to do, no question. But if Vincent doesn't 'get a life' he will burn out. User complaints help steer things to path 2. Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). Absolutely the preferred option. But would customer complaints help here? Having been a manager short of cash, I think they would only annoy. Now when things start to look better, that might be the time to signal our preferences. Meanwhile, Vincent, you do a great job Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 11:52, Avi Schwartz wrote: On Wednesday, September 17, 2003, at 01:03 PM, Vincent Danen wrote: On Wed Sep 17, 2003 at 08:19:45AM -0500, Avi Schwartz wrote: That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. The only problem is that you're not subscribed to the right mailing list. Subscribe to the announce list (via MandrakeSecure, the very site you were on). Advisories go out in many forms; I can't help it if you don't pay attention to one of the many: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - full-disclosure ml - RSS feed from MandrakeSecure - MandrakeSecure website (on nearly every single page) - MandrakeClub (latest advisory always on the front page) And no, announcements will not be going to this list or any other list other than the announce list. I appreciate the information and I just subscribed to the announce list. However, the same way I didn't know about the [EMAIL PROTECTED] list I am sure there are many others that are not aware of it. If there is a bug that has a potential of becoming a way to break into a computer I feel that all mailing list be notified of it to minimize the potential damage. Mandrake may have many newbies (I hope you do, you need the business) which are new to Linux and may need this extra help. One nice touch SuSE has is a small icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. Avi Avi, Whereas I like the icon idea, I do want to point out one thing. It came from copying windows XP and we all know how much windows users pay attention to this feature. *evile grin* Sides it doesn't work too well when the user doesn't have root. Better to notify IT via e-mail. The user can't do much more than stare at the icon. james Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 12:43, Jack Coates wrote: Steffen Barszus wrote: Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen: Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Yep agree. It would be a horror to spam the lists !!!Getting it four times with an interest in security even five times ? No way. I inform me on what i'm interested in. running urpmi update in cron and looking sometimes on mandrakesecure should be enough. Even on servers. Steffen I'm on Bugtraq -- I get the alert once from mandrakesecure, once from Mandrake's message to bugtraq, and once from every other Linux distributor out there, in addition to the original discovery argument. Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) Dunno here Jack. MDK and SuSE are ssh patched. RH is still 6 versions behind in the last (a while back too) update for anything but 9. I have noticed that for every 5 or 6 notices I get from RH I get 1 from either SuSE or Mandrake. Lotta times, it's just bug fixes for things like compiling kernels (think 8.0 and 7.0) So I'm not sure if RH patches faster or has more bugs to fix. *grin* James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 14:17, [EMAIL PROTECTED] wrote: With all due respect to you all, but I don`t like the idea one bit. It means Mandrakesoft has a line into my taskbar which I did not ask for. Just as I don`t like Microsoft working interactively with my computer, or other adware/spyware calling home when I still used Windows, I wouldn`t like Mandrakesoft to have a thread into any corner of my boxes. If it`s an optional package, fine I won`t use it. If it comes built in the distro I will disable it, remove it or whatever it takes to avoid it. It goes against my sense of privacy. Maybe not to that of others, very well, but I don`t like the idea. I've been looking at many of the auto-update features for different distros. RedHat keeps a central database of installed packages if you use their up2date mechanism, and this would probably irk many users. However, most of the others seem to be passive updaters. I.e., they pull down a list of packages and compare them locally *without* sending any information to a central database. In any case, Mandrake's really cool distributed update system would likely preclude an update mechanism that needed a single database. I would like to see a centralized management console for Mandrake systems. The designated management station could maintain a list of updates as some sort of server; the clients (whether local on on the LAN or 'Net) could then query the central server and update the local package database. This would be useful because it allows an operator to get an idea of a system's patch status without needing the machine to be online. The central server need not be an official site, but could be another machine on the LAN that you control. urpmi + mirroring software and you have it. I run/ran actually one in my last position. I just used fmirror to keep in sync with one of the MDK mirrors for each distro. This included the hdlist.cz then I just did an addmedia for my update server and pointed it at the box on my lan instead of one of the mandrake mirrors. We later set it up so that the directory that got synced and the one that people pulled from where not the same one. This way I could manually run rpm -K on all the rpms to verify sig and md5checksum before I put it on my network. Then I'd sync the two directories. Remove the old version in case it was a 2nd update, and I'd be off and running. With urpmi.udpate -a and urpmi -update --auto-select in a cron job the boxes would update themselves every night. Works well too. If I wanted to add a local rpm to the update list I would put it in the dir and then run genhdlist against it and I'd have me new hdlist.cz. I even put the cd's on the lan this way so that if someone needed to install something all they had to do was run urpmi and it was available. (I would disable the CD listings and just have networked ones.) No need for special software just a bit of time (one day in fact) and set it up. James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 14:42, Jack Coates wrote: Vincent Danen wrote: On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote: ... Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) I think all things considered, we aren't that slow. If you're defining slow by a few hours, shame on you, if you're defining it by a few days, shame on me. I think we're fairly close to the other big players when it comes to the big updates. And, also, keep in mind that RH and SuSE both employ about a half dozen security folks and, IIRC, gentoo doesn't have to worry about compiling for a number of different versions. Contrary to popular opinion, it *does* take time to properly compile and test packages on each supported platform. We also don't run our own server for updates so we have to wait for mirroring... RH can put the packages up and announce it that minute, we have to wait at least 1-2hrs before announcing or I get flooded with you announced it so where is it? messages, just due to the mirroring process. With all that in mind, I think this one-man operation is pretty damn speedy. absolutely, but... let's step into the managerial mind for a little while: it's dark in here here..ere.ere.ere. ere.. fact: Vincent is working really hard, doing a job that takes six people at other companies. He's typically a few hours behind those other companies, but the users don't complain much. Vincent says he needs help when we get some money. path 1: Ignore the situation until Vincent flames out, then hire some starry-eyed outsider who thinks he can fix everything. path 2: When the money starts coming in again, hire some college kids to help out. Rinse and repeat until a couple of them stick on. User complaints help steer things to path 2. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 21:39, Jack Coates wrote: On Wed, 2003-09-17 at 16:14, Vincent Danen wrote: ... path 1: Ignore the situation until Vincent flames out, then hire some starry-eyed outsider who thinks he can fix everything. /me shudders path 2: When the money starts coming in again, hire some college kids to help out. Rinse and repeat until a couple of them stick on. /me shudders again User complaints help steer things to path 2. Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). It's certainly true that competent people cost a lot less than they did last year; dang near cheap as college kids now. I think I'd better stop typing before I rhapsodize too much about how well the economy is recovering. Jack, Little in 2000 did any of us realize that when Brush said that the economy was headed for a crash, this wasn't a prediction. It was a promise. James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Thu, 2003-09-18 at 02:02, James Sparenberg wrote: On Wed, 2003-09-17 at 12:43, Jack Coates wrote: Steffen Barszus wrote: Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen: Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Yep agree. It would be a horror to spam the lists !!!Getting it four times with an interest in security even five times ? No way. I inform me on what i'm interested in. running urpmi update in cron and looking sometimes on mandrakesecure should be enough. Even on servers. Steffen I'm on Bugtraq -- I get the alert once from mandrakesecure, once from Mandrake's message to bugtraq, and once from every other Linux distributor out there, in addition to the original discovery argument. Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) Dunno here Jack. MDK and SuSE are ssh patched. RH is still 6 versions behind in the last (a while back too) update for anything but 9. I have noticed that for every 5 or 6 notices I get from RH I get 1 from either SuSE or Mandrake. Lotta times, it's just bug fixes for things like compiling kernels (think 8.0 and 7.0) So I'm not sure if RH patches faster or has more bugs to fix. *grin* James Red Hat definitely sucks pretty bad. I've been having to do a lot of work with 6.2 and 7.3 lately, building test environments to recreate customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout broken in 6.2 (way out of support window, tell that to the thousands of customers still using it), and on 7.3 I've actually been installing Ximian's Red Carpet to get something that can do dependencies worth a damn. -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Thu, 2003-09-18 at 08:13, Jack Coates wrote: On Thu, 2003-09-18 at 02:02, James Sparenberg wrote: On Wed, 2003-09-17 at 12:43, Jack Coates wrote: Steffen Barszus wrote: Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen: Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Yep agree. It would be a horror to spam the lists !!!Getting it four times with an interest in security even five times ? No way. I inform me on what i'm interested in. running urpmi update in cron and looking sometimes on mandrakesecure should be enough. Even on servers. Steffen I'm on Bugtraq -- I get the alert once from mandrakesecure, once from Mandrake's message to bugtraq, and once from every other Linux distributor out there, in addition to the original discovery argument. Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) Dunno here Jack. MDK and SuSE are ssh patched. RH is still 6 versions behind in the last (a while back too) update for anything but 9. I have noticed that for every 5 or 6 notices I get from RH I get 1 from either SuSE or Mandrake. Lotta times, it's just bug fixes for things like compiling kernels (think 8.0 and 7.0) So I'm not sure if RH patches faster or has more bugs to fix. *grin* James Red Hat definitely sucks pretty bad. I've been having to do a lot of work with 6.2 and 7.3 lately, building test environments to recreate customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout broken in 6.2 (way out of support window, tell that to the thousands of customers still using it), and on 7.3 I've actually been installing Ximian's Red Carpet to get something that can do dependencies worth a damn. If you want to get industrious you could create a urpmi for Redhat. Perl URPM libraries + urpmi + genhdlist... *grin* James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Thu, 2003-09-18 at 11:13, Jack Coates wrote: Red Hat definitely sucks pretty bad. I've been having to do a lot of work with 6.2 and 7.3 lately, building test environments to recreate customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout broken in 6.2 (way out of support window, tell that to the thousands of customers still using it), and on 7.3 I've actually been installing Ximian's Red Carpet to get something that can do dependencies worth a damn. While I can't argue that RedHat's own update method stinks I would point out that there are alternatives (albeit inconvenient at least initially since you need to add them manually). The k12ltsp distro is a pure RedHat du jour with certain package enhancements (mostly added packages though a couple of them like dhcpd are just modified) and includes both yum and apt-get. There are repositories with official redhat packages for both update managers. Personally, I have found either one at least as easy to use as urpmi. We use K12os or Yellowdog on all our servers depending upon platform (x86, PPC). I'm a Mandrake user on my workstation and have been since 7.1. I know that the yum package is available for rh7.3 too (thought apt-get was but I can't find it). On rh6.2 you're probably out of luck as that's pretty old and I'm not aware of too many aside from Debian who were running a 'urpmi' type package manager back then. ftp://k12linux.mesd.k12.or.us/pub/yum/ Actually, as I look at it, if you add the following site to yum.conf (following the pattern already established in the file) it looks like you can 'yum update' all the way back to 6.2 - didn't know that. http://ayo.freshrpms.net/redhat/8.0/i386/ ... [os,updates] I don't know 'how up to date' the 6.2 updates would be though as RH is almost certainly not doing them anymore. You seem to expect a lot out of them with regard to the updates. Does anyone keep updates for a distro that far back? It would appear Mandrake doesn't go back beyond 8.2 for current updates. -- Mike Rambo [EMAIL PROTECTED] NOTE: In order to control energy costs the light at the end of the tunnel has been shut off until further notice... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Mike Rambo wrote: On Thu, 2003-09-18 at 11:13, Jack Coates wrote: Red Hat definitely sucks pretty bad. I've been having to do a lot of work with 6.2 and 7.3 lately, building test environments to recreate customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout broken in 6.2 (way out of support window, tell that to the thousands of customers still using it), and on 7.3 I've actually been installing Ximian's Red Carpet to get something that can do dependencies worth a damn. While I can't argue that RedHat's own update method stinks I would point out that there are alternatives (albeit inconvenient at least initially since you need to add them manually). The k12ltsp distro is a pure RedHat du jour with certain package enhancements (mostly added packages though a couple of them like dhcpd are just modified) and includes both yum and apt-get. There are repositories with official redhat packages for both update managers. Personally, I have found either one at least as easy to use as urpmi. We use K12os or Yellowdog on all our servers depending upon platform (x86, PPC). I'm a Mandrake user on my workstation and have been since 7.1. Installed apt-get with the tuxfamily sources. It doesn't have three quarters of the software I tried to install with it, and those it does have it says it can't install. Rather than take time to figure out what's wrong with it, I'll just rebuild this box with Mandrake 9.2 when it comes out. -- Jack Coates Monkeynoodle.Org: Integrating Value, Simians, and Pasta Since 1996. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 09:41:34PM -0700, Jack Coates wrote: Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). Let's try path #4. Go to Scotland and get Vincent cloned. You don't have to name him Dolly #3, really! And pls. let's not get into that geek/sheep thing! Ummm... let's not. I really don't think the world needs two of me... =) I appreciate Vincent's work and whenever there's a way to help, Vincent, you know where to find me. Thanks, Wolfgang. The sentiments are appreciated. Thanks from here too for the hard work you do Vincent. Tuning in to the list on top of security updates is over and above the call of duty :-) =) Unfortunately, there's no one else active on the expert list.. the developers are (understandably) taken up on the cooker list, so someone has to hang out here with the experts... =) -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Thu Sep 18, 2003 at 09:49:47AM +0100, Anne Wilson wrote: With all that in mind, I think this one-man operation is pretty damn speedy. absolutely, but... let's step into the managerial mind for a little while: Well, let's put this properly. Vincent doesn't *need* help. Vincent would like help. Vincent's wife would like help. But Vincent is a trooper and can do the job he is paid to do, no question. But if Vincent doesn't 'get a life' he will burn out. Bah. I hang out with my wife and kid occassionally, do my own thing every once in a while, and generally have a good time. The benefit to you guys is that I love my job and have fun (most of the time) doing what I do... so the extra time involved ends up being enjoyable for me. Honestly, over the last three years I've taken perhaps a month, in total, of vacation time. I don't feel in the least burnt out. A little tired some days (the joys of having a two-year old child and shiznitz like this openssh business), but on the whole... not a big deal at all. User complaints help steer things to path 2. Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). Absolutely the preferred option. But would customer complaints help here? Having been a manager short of cash, I think they would only annoy. Now when things start to look better, that might be the time to signal our preferences. You're probably right. I think, at this point, complaints will do nothing. More folks need to put their money where their mouth is, get on board, do the right thing to ensure their OS of choice sticks around, and when the cash starts to surplus a little more, then I think you have an honest argument to say listen, we did what we had to do to keep you guys around, now you do what you have to do to keep us around. That's the way things work. Meanwhile, Vincent, you do a great job Thanks! -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Thu, 2003-09-18 at 12:39, Vincent Danen wrote: On Wed Sep 17, 2003 at 09:41:34PM -0700, Jack Coates wrote: Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). Let's try path #4. Go to Scotland and get Vincent cloned. You don't have to name him Dolly #3, really! And pls. let's not get into that geek/sheep thing! Ummm... let's not. I really don't think the world needs two of me... =) I appreciate Vincent's work and whenever there's a way to help, Vincent, you know where to find me. Thanks, Wolfgang. The sentiments are appreciated. Thanks from here too for the hard work you do Vincent. Tuning in to the list on top of security updates is over and above the call of duty :-) =) Unfortunately, there's no one else active on the expert list.. the developers are (understandably) taken up on the cooker list, so someone has to hang out here with the experts... =) Vincent, Why is it I detect a sense of wry sarcasm in that last word. *grin* James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Thu Sep 18, 2003 at 07:29:36PM -0700, James Sparenberg wrote: Thanks from here too for the hard work you do Vincent. Tuning in to the list on top of security updates is over and above the call of duty :-) =) Unfortunately, there's no one else active on the expert list.. the developers are (understandably) taken up on the cooker list, so someone has to hang out here with the experts... =) Vincent, Why is it I detect a sense of wry sarcasm in that last word. *grin* Ummm... no sarcasm here... honest. =) Seriously, tho, I sometimes think this list is full of experts, then other times I think all the newbies on the newbie list hang out here just to question the minority experts, but that could just be me. =) Either way is fine and I'm happy to hang out with the experts/newbies alike. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
RE: [expert] Why is urpmi such a pain in the ...?
Today, Mandrake has issued a security update to ssh They did? How do you recieve notification? I though I was subscribed to the exploit list, but I haven't recieved a message in well over 6 months. Do I need to resubscribe or are you receiving noitification by other means? Obviously, staying up to date on exploits is a top priority and I'd like to be in the loop =) (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wednesday, September 17, 2003, at 12:17 AM, James Sparenberg wrote: On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi No not every time. Try to do an online update for the NVidia drivers. 100% failure on 6 boxes. As for the problem. Did you do urpmi.update -a first? If your inbox records are behind the servers records then what it's telling you is correct. That may be a little unfair to SuSE. The NVidia drivers are closed source and so they can be a challenge for any distribution. As I understand it, people fixed the problem by using the older driver. But my point was not to talk about a specific patch. It would be also nice if Mandrake would send notification about security patches to their mailing lists. In generalshould look into tightening the update process when it comes to security patches. Unlike regular updates that may not be very important some security patches can be critical. Also downloading the list of files can be a major pain. Couple of 15MB lists can take awhile, even at IDSL speeds (144K) not to mention dial-up speeds. Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. Avi On Wednesday, September 17, 2003, at 08:02 AM, Tango Echo wrote: Today, Mandrake has issued a security update to ssh They did? How do you recieve notification? I though I was subscribed to the exploit list, but I haven't recieved a message in well over 6 months. Do I need to resubscribe or are you receiving noitification by other means? Obviously, staying up to date on exploits is a top priority and I'd like to be in the loop =) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] Why is urpmi such a pain in the ...?
That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. Avi That's strange! I think of individuals that are familiar with Linux to be more security oriented... Ya know, it would be best to either have some type of notification OR an auto updater like what XP has - Check for updates, downloaded when read and confirm install or automatically download and install... So I guess the answer to my question is: Check mandrakesecure.net at least once a week - look on the right side for Recent Mandrake Linux Advisories? On Wednesday, September 17, 2003, at 08:02 AM, Tango Echo wrote: Today, Mandrake has issued a security update to ssh They did? How do you recieve notification? I though I was subscribed to the exploit list, but I haven't recieved a message in well over 6 months. Do I need to resubscribe or are you receiving noitification by other means? Obviously, staying up to date on exploits is a top priority and I'd like to be in the loop =) be in the loop =) __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi Maybe you should check your mirror. Did you try urpmq -f to check the new packages are available in your URPM base ? I guess you did an urpmi.update -a too before trying the update ? There was no error message ? Eric Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Tango Echo kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu 2003 16:39): That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. Avi That's strange! I think of individuals that are familiar with Linux to be more security oriented... Ya know, it would be best to either have some type of notification OR an auto updater like what XP has - Check for updates, downloaded when read and confirm install or automatically download and install... So I guess the answer to my question is: Check mandrakesecure.net at least once a week - look on the right side for Recent Mandrake Linux Advisories? Go to: http://www.mandrakesecure.net/en/mlist.php and choose wich varnings you want mailed to you... -- Regards Thomas Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 06:39, Tango Echo wrote: That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. Avi That's strange! I think of individuals that are familiar with Linux to be more security oriented... Ya know, it would be best to either have some type of notification OR an auto updater like what XP has - Check for updates, downloaded when read and confirm install or automatically download and install... man urpmi and man cron. ... -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 06:39, Tango Echo wrote: That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. Avi That's strange! I think of individuals that are familiar with Linux to be more security oriented... Ya know, it would be best to either have some type of notification OR an auto updater like what XP has - Check for updates, downloaded when read and confirm install or automatically download and install... man urpmi and man cron. ... -- Jack Coates Monkeynoodle: A Scientific Venture... dle: A Scientific Venture... Hi Jack, Thanks for the reminder... However I should have been more clear in what I was trying to say. We can all agree that Mandrake is known as the newbie's Linux while of course still remaining a powerful operating system. I was suggesting that Mandrake include some type of update app automatically ready to be configured in the window manager (etc). Therefor, when the newb logs in, they are asked to configure the update app just like in XP. While the updates may not be as severe and critical as they may be in the Windows world, they are still important. I guess I should have anticipated your reply since I AM posting on the expert list ;) Tango __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Thomas Backlund schrieb am Wed, 17 Sep 2003 16:46:10 +0300: Tango Echo kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu 2003 16:39): So I guess the answer to my question is: Check mandrakesecure.net at least once a week - look on the right side for Recent Mandrake Linux Advisories? Go to: http://www.mandrakesecure.net/en/mlist.php and choose wich varnings you want mailed to you... ...and/or subscribe to the Mandrake Community Newsletter (issued 2x per month) which contains a Security Updates section. wobo Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 17 Sep 2003 08:16:07 -0500, Avi Schwartz [EMAIL PROTECTED] wrote: It would be also nice if Mandrake would send notification about security patches to their mailing lists. I this is a good idea, too. Miark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Hi Jack, Thanks for the reminder... However I should have been more clear in what I was trying to say. We can all agree that Mandrake is known as the newbie's Linux while of course still remaining a powerful operating system. I was suggesting that Mandrake include some type of update app automatically ready to be configured in the window manager (etc). Therefor, when the newb logs in, they are asked to configure the update app just like in XP. While the updates may not be as severe and critical as they may be in the Windows world, they are still important. I guess I should have anticipated your reply since I AM posting on the expert list ;) Tango I proposed that idea on the cooker ML after release of 9.1. The idea was to perform an automatic urpmi.update command on a medium if the install of a package failed with error message you may have to update your medium. Apparently it has not been implemented yet, but this could be a good idea to mdernise rpmdrake with such options : - an automatic update of media at specific times - an automatic update in case of install failure I think media sources needs to be modernised indeed. Eric Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Avi Schwartz wrote: On Wednesday, September 17, 2003, at 12:17 AM, James Sparenberg wrote: On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi No not every time. Try to do an online update for the NVidia drivers. 100% failure on 6 boxes. As for the problem. Did you do urpmi.update -a first? If your inbox records are behind the servers records then what it's telling you is correct. That may be a little unfair to SuSE. The NVidia drivers are closed source and so they can be a challenge for any distribution. As I understand it, people fixed the problem by using the older driver. But my point was not to talk about a specific patch. It would be also nice if Mandrake would send notification about security patches to their mailing lists. In generalshould look into tightening the update process when it comes to security patches. Unlike regular updates that may not be very important some security patches can be critical. Also downloading the list of files can be a major pain. Couple of 15MB lists can take awhile, even at IDSL speeds (144K) not to mention dial-up speeds. Avi They do announce security patches. http://www.mandrakesecure.net/en/mlist.php As far as the list of files-- goes go to: http://www.zarb.org/~nanardon/ and set up an update source that uses rsync instead of ftp or http. Then when you run urpmi.update -a it will download only the differences in the list instead of the whole list. -- Brant Fitzsimmons [EMAIL PROTECTED] ___ Linux user #322847 | Linux machine #207465 | http://counter.li.org/ AMD Duron 1.3GHz | Mandrake 9.1 | Kernel 2.4.21-0.16mm-mdk KDE 3.1.3 | Mozilla 1.4 Mail Client Uptime: 12:25:01 up 10 days, 23:41, 1 user, load average: 0.08, 0.25, 0.18 ___ All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident. -Arthur Schopenhauer (1788-1860) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 06:16, Avi Schwartz wrote: On Wednesday, September 17, 2003, at 12:17 AM, James Sparenberg wrote: On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi No not every time. Try to do an online update for the NVidia drivers. 100% failure on 6 boxes. As for the problem. Did you do urpmi.update -a first? If your inbox records are behind the servers records then what it's telling you is correct. That may be a little unfair to SuSE. The NVidia drivers are closed source and so they can be a challenge for any distribution. As I understand it, people fixed the problem by using the older driver. But my point was not to talk about a specific patch. It would be also nice if Mandrake would send notification about security patches to their mailing lists. In generalshould look into tightening the update process when it comes to security patches. Unlike regular updates that may not be very important some security patches can be critical. Also downloading the list of files can be a major pain. Couple of 15MB lists can take awhile, even at IDSL speeds (144K) not to mention dial-up speeds. Avi Two points here. 1. use the synthesis.hdlist.cz instead of hdlist.cz (huge diff in size) 2. Under Configuration-other in your menu you'll find Discover Custom Services If you buy a boxed set or are a club member you can setup auto notification (via e-mail) and even auto update of a box. james __ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 06:02:22AM -0700, Tango Echo wrote: They did? How do you recieve notification? I though I was subscribed to the exploit list, but I haven't recieved a message in well over 6 months. Do I need to resubscribe or are you receiving noitification by other means? Obviously, staying up to date on exploits is a top priority and I'd like to be in the loop =) The exploit list is for discussing exploits... the announce list is for announcements. You at least want to be subscribed to the latter. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 08:19:45AM -0500, Avi Schwartz wrote: That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. The only problem is that you're not subscribed to the right mailing list. Subscribe to the announce list (via MandrakeSecure, the very site you were on). Advisories go out in many forms; I can't help it if you don't pay attention to one of the many: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - full-disclosure ml - RSS feed from MandrakeSecure - MandrakeSecure website (on nearly every single page) - MandrakeClub (latest advisory always on the front page) And no, announcements will not be going to this list or any other list other than the announce list. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 17 Sep 2003 12:03:59 -0600 Vincent Danen [EMAIL PROTECTED] wrote: The only problem is that you're not subscribed to the right mailing list. Subscribe to the announce list (via MandrakeSecure, the very site you were on). It is all documented on the mailing list page Security holes are fixed as soon as possible when they are discovered. Most of the new packages can easily be upgraded just by running ``MandrakeUpdate'' regularly. All security-related mailing-lists are listed at: http://www.mandrakesecure.net/en/mlist.php; Which in turn discloses this: [EMAIL PROTECTED] is a read-only list which will inform you of new updates (security, bugfix, etc.) for all supported Mandrake Linux distributions. One can subscribe to it in the same manner as this list. Charles -- Show me a good loser, and I'll show you a loser. -- Vince Lombardi, football coach - Mandrake Linux 9.2 on PurpleDragon Kernel-2.4.22-9mdkenterprise http://www.eslrahc.com - pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Wednesday, September 17, 2003, at 11:38 AM, Brant Fitzsimmons wrote: Avi Schwartz wrote: Also downloading the list of files can be a major pain. Couple of 15MB lists can take awhile, even at IDSL speeds (144K) not to mention dial-up speeds. Avi and set up an update source that uses rsync instead of ftp or http. Then when you run urpmi.update -a it will download only the differences in the list instead of the whole list. That's great, I wasn't aware that there are sites allowing rsync. Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wednesday, September 17, 2003, at 01:03 PM, Vincent Danen wrote: On Wed Sep 17, 2003 at 08:19:45AM -0500, Avi Schwartz wrote: That is another problem. I found out about it from other distribution's security announcements then I checked MandrakeSecure and found that they posted the information there. They should send an announcement like this to the mailing lists. The only problem is that you're not subscribed to the right mailing list. Subscribe to the announce list (via MandrakeSecure, the very site you were on). Advisories go out in many forms; I can't help it if you don't pay attention to one of the many: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - full-disclosure ml - RSS feed from MandrakeSecure - MandrakeSecure website (on nearly every single page) - MandrakeClub (latest advisory always on the front page) And no, announcements will not be going to this list or any other list other than the announce list. I appreciate the information and I just subscribed to the announce list. However, the same way I didn't know about the [EMAIL PROTECTED] list I am sure there are many others that are not aware of it. If there is a bug that has a potential of becoming a way to break into a computer I feel that all mailing list be notified of it to minimize the potential damage. Mandrake may have many newbies (I hope you do, you need the business) which are new to Linux and may need this extra help. One nice touch SuSE has is a small icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wednesday 17 Sep 2003 7:52 pm, Avi Schwartz wrote: I appreciate the information and I just subscribed to the announce list. However, the same way I didn't know about the [EMAIL PROTECTED] list I am sure there are many others that are not aware of it. If there is a bug that has a potential of becoming a way to break into a computer I feel that all mailing list be notified of it to minimize the potential damage. Mandrake may have many newbies (I hope you do, you need the business) which are new to Linux and may need this extra help. One nice touch SuSE has is a small icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. I'm sure that somewhere I was asked if I wanted to subscribe to announce, when I first installed. On my own box run Mandrake Update weekly, but if I had a server I would be doing it every day. Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wednesday, September 17, 2003, at 01:03 PM, Vincent Danen wrote: Advisories go out in many forms; I can't help it if you don't pay attention to one of the many: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - full-disclosure ml - RSS feed from MandrakeSecure - MandrakeSecure website (on nearly every single page) - MandrakeClub (latest advisory always on the front page) As I said, I did pay attention since I knew about it before Mandrake announced it. Anyway, how do you subscribe to the RSS feed? What is the url? Thanks, Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 01:52:09PM -0500, Avi Schwartz wrote: Advisories go out in many forms; I can't help it if you don't pay attention to one of the many: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - full-disclosure ml - RSS feed from MandrakeSecure - MandrakeSecure website (on nearly every single page) - MandrakeClub (latest advisory always on the front page) And no, announcements will not be going to this list or any other list other than the announce list. I appreciate the information and I just subscribed to the announce list. However, the same way I didn't know about the [EMAIL PROTECTED] list I am sure there are many others that are not aware of it. If there is a bug that has a potential of becoming a way to break into a computer I feel that all mailing list be notified of it to minimize the potential damage. Mandrake may have many newbies (I hope you do, you need the business) which are new to Linux and may need this extra help. One nice touch SuSE has is a small I'm sorry, but I disagree. I don't like the idea of spamming all of the lists (and while it might not be considered spam, why do it when there is one list that covers them all?). It's a matter of education. If someone gets on the newbie or expert list, they've likely visited the website. There is a link to the MandrakeSecure lists, clearly marked for security-related lists, on the mandrakelinux.com page where you can subscribe to the other lists. How difficult is it to subscribe to these other lists? No, one other list? Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Also, FWIW, if you sign up for MandrakeOnline, you'll get alerts sent to your inbox. icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. I agree, this would be nice and hopefully this is something that can be done for 9.3 or 10.0. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen: Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Yep agree. It would be a horror to spam the lists !!!Getting it four times with an interest in security even five times ? No way. I inform me on what i'm interested in. running urpmi update in cron and looking sometimes on mandrakesecure should be enough. Even on servers. Steffen Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Vincent Danen kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu 2003 22:07): On Wed Sep 17, 2003 at 01:52:09PM -0500, Avi Schwartz wrote: Advisories go out in many forms; I can't help it if you don't pay attention to one of the many: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - full-disclosure ml - RSS feed from MandrakeSecure - MandrakeSecure website (on nearly every single page) - MandrakeClub (latest advisory always on the front page) And no, announcements will not be going to this list or any other list other than the announce list. I appreciate the information and I just subscribed to the announce list. However, the same way I didn't know about the [EMAIL PROTECTED] list I am sure there are many others that are not aware of it. If there is a bug that has a potential of becoming a way to break into a computer I feel that all mailing list be notified of it to minimize the potential damage. Mandrake may have many newbies (I hope you do, you need the business) which are new to Linux and may need this extra help. One nice touch SuSE has is a small I'm sorry, but I disagree. I don't like the idea of spamming all of the lists (and while it might not be considered spam, why do it when there is one list that covers them all?). It's a matter of education. If someone gets on the newbie or expert list, they've likely visited the website. There is a link to the MandrakeSecure lists, clearly marked for security-related lists, on the mandrakelinux.com page where you can subscribe to the other lists. How difficult is it to subscribe to these other lists? No, one other list? Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Also, FWIW, if you sign up for MandrakeOnline, you'll get alerts sent to your inbox. icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. I agree, this would be nice and hopefully this is something that can be done for 9.3 or 10.0. AFAIK in contribs there is a package started with the aim of doing this: mdk-check-update-* I haven't tested it myself so I can't say if it works... -- Regards Thomas Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Steffen Barszus wrote: Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen: Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Yep agree. It would be a horror to spam the lists !!!Getting it four times with an interest in security even five times ? No way. I inform me on what i'm interested in. running urpmi update in cron and looking sometimes on mandrakesecure should be enough. Even on servers. Steffen I'm on Bugtraq -- I get the alert once from mandrakesecure, once from Mandrake's message to bugtraq, and once from every other Linux distributor out there, in addition to the original discovery argument. Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) -- Jack Coates Monkeynoodle.Org: Integrating Value, Simians, and Pasta Since 1996. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 02:03:48PM -0500, Avi Schwartz wrote: Advisories go out in many forms; I can't help it if you don't pay attention to one of the many: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - full-disclosure ml - RSS feed from MandrakeSecure - MandrakeSecure website (on nearly every single page) - MandrakeClub (latest advisory always on the front page) As I said, I did pay attention since I knew about it before Mandrake announced it. That wasn't your point tho, was it? You weren't aware of Mandrake's announcements. That I believe was the point. Anyway, how do you subscribe to the RSS feed? What is the url? http://www.mandrakesecure.net/en/advisories/rss.php IIRC. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
Avi Schwartz wrote: [..] need this extra help. One nice touch SuSE has is a small icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. Avi In cooker contrib/, there is such an app that has been recently written, mutray: MUTray sits in the KDE system tray, and displays a notification when there are new updates. It can then install the packages with urpmi. I think the binary will work in 9.1 or rebuild the contrib/SRPMS/mutray-0.3-2mdk.src.rpm package. Rolf Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote: Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Yep agree. It would be a horror to spam the lists !!!Getting it four times with an interest in security even five times ? No way. I inform me on what i'm interested in. running urpmi update in cron and looking sometimes on mandrakesecure should be enough. Even on servers. Steffen I'm on Bugtraq -- I get the alert once from mandrakesecure, once from Mandrake's message to bugtraq, and once from every other Linux distributor out there, in addition to the original discovery argument. Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) I think all things considered, we aren't that slow. If you're defining slow by a few hours, shame on you, if you're defining it by a few days, shame on me. I think we're fairly close to the other big players when it comes to the big updates. And, also, keep in mind that RH and SuSE both employ about a half dozen security folks and, IIRC, gentoo doesn't have to worry about compiling for a number of different versions. Contrary to popular opinion, it *does* take time to properly compile and test packages on each supported platform. We also don't run our own server for updates so we have to wait for mirroring... RH can put the packages up and announce it that minute, we have to wait at least 1-2hrs before announcing or I get flooded with you announced it so where is it? messages, just due to the mirroring process. With all that in mind, I think this one-man operation is pretty damn speedy. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 17 Sep 2003 13:20:36 -0700 Rolf Pedersen [EMAIL PROTECTED] wrote: Avi Schwartz wrote: [..] need this extra help. One nice touch SuSE has is a small icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. Avi In cooker contrib/, there is such an app that has been recently written, mutray: MUTray sits in the KDE system tray, and displays a notification when there are new updates. It can then install the packages with urpmi. I think the binary will work in 9.1 or rebuild the contrib/SRPMS/mutray-0.3-2mdk.src.rpm package. Rolf Sylpheed-Claws has such a plug-in to tell me when I have mail. Scared me to death the first time everything flashed. Thought kde had suffered a cardiac thing. I unplugged it. I always have new mail. Lee Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 17 Sep 2003 22:25:04 +0300, Thomas Backlund [EMAIL PROTECTED] wrote about Re: [expert] Why is urpmi such a pain in the ...?: Vincent Danen kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu 2003 22:07): { Avi Schwartz [EMAIL PROTECTED] } icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. I agree, this would be nice and hopefully this is something that can be done for 9.3 or 10.0. AFAIK in contribs there is a package started with the aim of doing this: mdk-check-update-* I haven't tested it myself so I can't say if it works... With all due respect to you all, but I don`t like the idea one bit. It means Mandrakesoft has a line into my taskbar which I did not ask for. Just as I don`t like Microsoft working interactively with my computer, or other adware/spyware calling home when I still used Windows, I wouldn`t like Mandrakesoft to have a thread into any corner of my boxes. If it`s an optional package, fine I won`t use it. If it comes built in the distro I will disable it, remove it or whatever it takes to avoid it. It goes against my sense of privacy. Maybe not to that of others, very well, but I don`t like the idea. Just my EUR 0.02. Ciao, =Dick Gevers= Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Are you serious?? One man operation?? What will happen if/when the heat stroke gets you? Wandering. --- Vincent Danen [EMAIL PROTECTED] wrote: On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote: Problem is people don't take security seriously, so they don't sign up for the list. There isn't much we can do to combat that... in the same way, they may skip those messages we put on every single list and then what? Yep agree. It would be a horror to spam the lists !!!Getting it four times with an interest in security even five times ? No way. I inform me on what i'm interested in. running urpmi update in cron and looking sometimes on mandrakesecure should be enough. Even on servers. Steffen I'm on Bugtraq -- I get the alert once from mandrakesecure, once from Mandrake's message to bugtraq, and once from every other Linux distributor out there, in addition to the original discovery argument. Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) I think all things considered, we aren't that slow. If you're defining slow by a few hours, shame on you, if you're defining it by a few days, shame on me. I think we're fairly close to the other big players when it comes to the big updates. And, also, keep in mind that RH and SuSE both employ about a half dozen security folks and, IIRC, gentoo doesn't have to worry about compiling for a number of different versions. Contrary to popular opinion, it *does* take time to properly compile and test packages on each supported platform. We also don't run our own server for updates so we have to wait for mirroring... RH can put the packages up and announce it that minute, we have to wait at least 1-2hrs before announcing or I get flooded with you announced it so where is it? messages, just due to the mirroring process. With all that in mind, I think this one-man operation is pretty damn speedy. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} ATTACHMENT part 2 application/pgp-signature __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Dick Gevers wrote: On Wed, 17 Sep 2003 22:25:04 +0300, Thomas Backlund [EMAIL PROTECTED] wrote about Re: [expert] Why is urpmi such a pain in the ...?: Vincent Danen kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu 2003 22:07): { Avi Schwartz [EMAIL PROTECTED] } icon in the KDE task bar which changes color when there are updates available. Click on it and you get a menu allowing you to check for updates, show the last update log or start the update process. very nice, clean and can help users keep their system safe. I agree, this would be nice and hopefully this is something that can be done for 9.3 or 10.0. AFAIK in contribs there is a package started with the aim of doing this: mdk-check-update-* I haven't tested it myself so I can't say if it works... With all due respect to you all, but I don`t like the idea one bit. It means Mandrakesoft has a line into my taskbar which I did not ask for. Just as I I don't think that's what it means. What it means is a cron job runs urpmi.update to check if the update files on the mirror have changed and, if so, notify the user that a new update is available. This is no more revealing of your private information than running MandrakeUpdate in attended mode. Rolf don`t like Microsoft working interactively with my computer, or other adware/spyware calling home when I still used Windows, I wouldn`t like Mandrakesoft to have a thread into any corner of my boxes. If it`s an optional package, fine I won`t use it. If it comes built in the distro I will disable it, remove it or whatever it takes to avoid it. It goes against my sense of privacy. Maybe not to that of others, very well, but I don`t like the idea. Just my EUR 0.02. Ciao, =Dick Gevers= Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
With all due respect to you all, but I don`t like the idea one bit. It means Mandrakesoft has a line into my taskbar which I did not ask for. Just as I don`t like Microsoft working interactively with my computer, or other adware/spyware calling home when I still used Windows, I wouldn`t like Mandrakesoft to have a thread into any corner of my boxes. If it`s an optional package, fine I won`t use it. If it comes built in the distro I will disable it, remove it or whatever it takes to avoid it. It goes against my sense of privacy. Maybe not to that of others, very well, but I don`t like the idea. I've been looking at many of the auto-update features for different distros. RedHat keeps a central database of installed packages if you use their up2date mechanism, and this would probably irk many users. However, most of the others seem to be passive updaters. I.e., they pull down a list of packages and compare them locally *without* sending any information to a central database. In any case, Mandrake's really cool distributed update system would likely preclude an update mechanism that needed a single database. I would like to see a centralized management console for Mandrake systems. The designated management station could maintain a list of updates as some sort of server; the clients (whether local on on the LAN or 'Net) could then query the central server and update the local package database. This would be useful because it allows an operator to get an idea of a system's patch status without needing the machine to be online. The central server need not be an official site, but could be another machine on the LAN that you control. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Vincent Danen wrote: On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote: ... Mandrake is typically pretty slow about updates compared to RH and Gentoo, but hopefully that'll change if/when they hire Vincent some minions :-) I think all things considered, we aren't that slow. If you're defining slow by a few hours, shame on you, if you're defining it by a few days, shame on me. I think we're fairly close to the other big players when it comes to the big updates. And, also, keep in mind that RH and SuSE both employ about a half dozen security folks and, IIRC, gentoo doesn't have to worry about compiling for a number of different versions. Contrary to popular opinion, it *does* take time to properly compile and test packages on each supported platform. We also don't run our own server for updates so we have to wait for mirroring... RH can put the packages up and announce it that minute, we have to wait at least 1-2hrs before announcing or I get flooded with you announced it so where is it? messages, just due to the mirroring process. With all that in mind, I think this one-man operation is pretty damn speedy. absolutely, but... let's step into the managerial mind for a little while: fact: Vincent is working really hard, doing a job that takes six people at other companies. He's typically a few hours behind those other companies, but the users don't complain much. Vincent says he needs help when we get some money. path 1: Ignore the situation until Vincent flames out, then hire some starry-eyed outsider who thinks he can fix everything. path 2: When the money starts coming in again, hire some college kids to help out. Rinse and repeat until a couple of them stick on. User complaints help steer things to path 2. -- Jack Coates Monkeynoodle.Org: Integrating Value, Simians, and Pasta Since 1996. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wednesday, September 17, 2003, at 03:29 PM, Vincent Danen wrote: I think all things considered, we aren't that slow. If you're defining slow by a few hours, shame on you, if you're defining it by a few days, shame on me. I think we're fairly close to the other big players when it comes to the big updates. And, also, keep in mind that RH and SuSE both employ about a half dozen security folks and, IIRC, gentoo doesn't have to worry about compiling for a number of different versions. Contrary to popular opinion, it *does* take time to properly compile and test packages on each supported platform. We also don't run our own server for updates so we have to wait for mirroring... RH can put the packages up and announce it that minute, we have to wait at least 1-2hrs before announcing or I get flooded with you announced it so where is it? messages, just due to the mirroring process. With all that in mind, I think this one-man operation is pretty damn speedy. My hat's off to you. One person? This is impressive. Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 17 Sep 2003 14:14:27 -0700, Rolf Pedersen [EMAIL PROTECTED] wrote about Re: [expert] Why is urpmi such a pain in the ...?: It means Mandrakesoft has a line into my taskbar which I did not ask for. I don't think that's what it means. What it means is a cron job runs urpmi.update to check if the update files on the mirror have changed and, if so, notify the user that a new update is available. This is no more revealing of your private information than running MandrakeUpdate in attended mode. Please forgive me for not understanding that immediately. That makes it quite clear, thank you. Regards, =Dick Gevers= -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Encryption is an envelope - the contents are private. iD8DBQE/aNp2wC/zk+cxEdMRAgQBAKCSiSSzCBR41sM5EVDimJFWJwUctACg4gno pOok/p9/GH6zZDq1jIJzFD0= =7Mvz -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 02:07:26PM -0700, Ricardo (Tru64 User) wrote: Are you serious?? One man operation?? What will happen if/when the heat stroke gets you? Wandering. What heat stroke? Anyways, there is a backup person in case I do get run over, drowned, beat by my wife, etc. so no worries there.. that is taken care of. Should I perish, updates will continue to roll out. Other than the secteam (for whom I am extremely grateful as they make testing that much easier), there is just me for the management of stuff. Which is ok... the current load is a piece of cake compared to what I was dealing with prior to the EOL policy coming into play. =) -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Wed Sep 17, 2003 at 02:42:25PM -0700, Jack Coates wrote: I think all things considered, we aren't that slow. If you're defining slow by a few hours, shame on you, if you're defining it by a few days, shame on me. I think we're fairly close to the other big players when it comes to the big updates. And, also, keep in mind that RH and SuSE both employ about a half dozen security folks and, IIRC, gentoo doesn't have to worry about compiling for a number of different versions. Contrary to popular opinion, it *does* take time to properly compile and test packages on each supported platform. We also don't run our own server for updates so we have to wait for mirroring... RH can put the packages up and announce it that minute, we have to wait at least 1-2hrs before announcing or I get flooded with you announced it so where is it? messages, just due to the mirroring process. With all that in mind, I think this one-man operation is pretty damn speedy. absolutely, but... let's step into the managerial mind for a little while: Oh no... not *that* mind... =) fact: Vincent is working really hard, doing a job that takes six people at other companies. He's typically a few hours behind those other companies, but the users don't complain much. Vincent says he needs help when we get some money. Well, let's put this properly. Vincent doesn't *need* help. Vincent would like help. Vincent's wife would like help. But Vincent is a trooper and can do the job he is paid to do, no question. path 1: Ignore the situation until Vincent flames out, then hire some starry-eyed outsider who thinks he can fix everything. /me shudders path 2: When the money starts coming in again, hire some college kids to help out. Rinse and repeat until a couple of them stick on. /me shudders again User complaints help steer things to path 2. Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
Vincent Danen schrieb am Wed, 17 Sep 2003 17:14:07 -0600: Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). Let's try path #4. Go to Scotland and get Vincent cloned. You don't have to name him Dolly #3, really! And pls. let's not get into that geek/sheep thing! I appreciate Vincent's work and whenever there's a way to help, Vincent, you know where to find me. wobo Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Thu Sep 18, 2003 at 02:01:32AM +0200, Wolfgang Bornath wrote: Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). Let's try path #4. Go to Scotland and get Vincent cloned. You don't have to name him Dolly #3, really! And pls. let's not get into that geek/sheep thing! Ummm... let's not. I really don't think the world needs two of me... =) I appreciate Vincent's work and whenever there's a way to help, Vincent, you know where to find me. Thanks, Wolfgang. The sentiments are appreciated. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 17 Sep 2003, Eric Fernandez wrote: I proposed that idea on the cooker ML after release of 9.1. The idea was to perform an automatic urpmi.update command on a medium if the install of a package failed with error message you may have to update your medium. I don't think that this is as simple a solution as it may appear, as the reason that the word may is included in that error message (which BTW actually reads, You may need to update your urpmi database) is that an out-of-date urpmi database is *not* the only possible source of the error - and isn't even necessarily the most likely one, in my experience. The error message is returned whenever the contents of urpmi's RPM cache directory (/var/cache/urpmi/rpms/) does not match what urpmi expects to see there, once any downloading and/or copying into it has completed. This is quite often merely due to one or more of the download attempts having failed to establish a connection to the target mirror; for example, if the mirror is a busy one, and has reached its limit of permitted simultaneous users, any further connection attempts (by anyone) to it will fail, until one of the currently-in-use ones completes. No connect = no d/l = error. The problem, of course, is that urpmi has no idea *why* the RPM isn't in the cache dir - it just knows that it's amongst the missing. The database itself could exactly reflect the available RPMs, yet the error occurs. :( This happens rather a lot IMO with urpmi's default d/l client, curl, which does not make more than one attempt to get a file. For this reason, I use the --wget switch with both urpmi and urpmi.update, to force it to use wget in lieu of curl. I even have aliases set up in /etc/bashrc for this: alias urpmi='/usr/sbin/urpmi --wget' alias uu='/usr/sbin/urpmi.update --wget -a' alias ua='/usr/sbin/urpmi --wget --auto-select' Typing uuua gets all my sources synced, and picks out the updates. I purposely do not use the --auto switch with the latter, as I prefer to see exactly which packages are selected before I allow it to proceed. ;) -- Bill Mullen [EMAIL PROTECTED] MA, USA RLU #270075 MDK 8.1 9.0 Listen, here's the thing. If you can't spot the sucker in your first half hour at the table, then you *are* the sucker. - Mike McDermott Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 16:14, Vincent Danen wrote: ... path 1: Ignore the situation until Vincent flames out, then hire some starry-eyed outsider who thinks he can fix everything. /me shudders path 2: When the money starts coming in again, hire some college kids to help out. Rinse and repeat until a couple of them stick on. /me shudders again User complaints help steer things to path 2. Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). It's certainly true that competent people cost a lot less than they did last year; dang near cheap as college kids now. I think I'd better stop typing before I rhapsodize too much about how well the economy is recovering. -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Wed, 2003-09-17 at 17:34, Vincent Danen wrote: On Thu Sep 18, 2003 at 02:01:32AM +0200, Wolfgang Bornath wrote: Let's try path #3. Get someone competent so Vincent doesn't have to re-train multiple people (thus wasting enormous amounts of time). Let's try path #4. Go to Scotland and get Vincent cloned. You don't have to name him Dolly #3, really! And pls. let's not get into that geek/sheep thing! Ummm... let's not. I really don't think the world needs two of me... =) I appreciate Vincent's work and whenever there's a way to help, Vincent, you know where to find me. Thanks, Wolfgang. The sentiments are appreciated. Thanks from here too for the hard work you do Vincent. Tuning in to the list on top of security updates is over and above the call of duty :-) -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Sylpheed-Claws has such a plug-in to tell me when I have mail. Scared me to death the first time everything flashed. Thought kde had suffered a cardiac thing. I got a good chuckle out of your post. I unplugged it. I always have new mail. Hey, so do i :) -- Mandrake HowTo's More: http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Why is urpmi such a pain in the ...?
Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi Your success with Mandrake Update depends on the mirror you have setup as your update source. Mandrake just released the updated packages and it takes time for all of the update mirrors to sync with Mandrake's server. You may need to give your mirror some time to actually get the updates from the mothership. Once that is done you should be able to update without a hitch. I just did and it went as smooth as usual. Also, you need to run urpmi.update -a first to make sure your box knows that there are updates available. Then run urpmi -v --updates --auto-select or urpmi -v --auto-select to actually download and install the updates. -- Brant Fitzsimmons [EMAIL PROTECTED] ___ Linux user #322847 | Linux machine #207465 | http://counter.li.org/ AMD Duron 1.3GHz | Mandrake 9.1 | Kernel 2.4.21-0.16mm-mdk KDE 3.1.3 | Mozilla 1.4 Mail Client Uptime: 23:30:00 up 10 days, 10:46, 1 user, load average: 0.36, 0.16, 0.11 ___ All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident. -Arthur Schopenhauer (1788-1860) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Tuesday, September 16, 2003, at 10:38 PM, Brant Fitzsimmons wrote: Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi Your success with Mandrake Update depends on the mirror you have setup as your update source. Mandrake just released the updated packages and it takes time for all of the update mirrors to sync with Mandrake's server. You may need to give your mirror some time to actually get the updates from the mothership. Once that is done you should be able to update without a hitch. I just did and it went as smooth as usual. Also, you need to run urpmi.update -a first to make sure your box knows that there are updates available. Then run urpmi -v --updates --auto-select or urpmi -v --auto-select to actually download and install the updates. I did urpmi.update -a first, but I guess I need to look for better mirrors. Is there a way to find out which mirrors are updated more frequently? Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
it may be that like me you have installed some package via cooker that might have required a later openssh? i found i had 3.6.1p2-4 and therefore 3.6.1p2-1.1 was seen as not an upgrade, i'm hopefull that there will a further cooker package with the needed patch becasue when i went to uninstall openssh and then insatll the upgrade i had problems, but you should try that too since my problems are hopefully local to me bascule On Wednesday 17 Sep 2003 4:05 am, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi -- A man could go far, knowing his rights like you do, said Granny. But right now he should go home. (Wyrd Sisters) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Tue Sep 16, 2003 at 10:05:18PM -0500, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Did you do urpmi.update -a first? -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Tue Sep 16, 2003 at 10:45:07PM -0500, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi Your success with Mandrake Update depends on the mirror you have setup as your update source. Mandrake just released the updated packages and it takes time for all of the update mirrors to sync with Mandrake's server. You may need to give your mirror some time to actually get the updates from the mothership. Once that is done you should be able to update without a hitch. I just did and it went as smooth as usual. Also, you need to run urpmi.update -a first to make sure your box knows that there are updates available. Then run urpmi -v --updates --auto-select or urpmi -v --auto-select to actually download and install the updates. I did urpmi.update -a first, but I guess I need to look for better mirrors. Is there a way to find out which mirrors are updated more frequently? http://www.mandrakesecure.net/en/ftp.php -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ lynx -source http://linsec.ca/vdanen.asc | gpg --import {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Why is urpmi such a pain in the ...?
On Tuesday, September 16, 2003, at 10:52 PM, Vincent Danen wrote: On Tue Sep 16, 2003 at 10:45:07PM -0500, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi Your success with Mandrake Update depends on the mirror you have setup as your update source. Mandrake just released the updated packages and it takes time for all of the update mirrors to sync with Mandrake's server. You may need to give your mirror some time to actually get the updates from the mothership. Once that is done you should be able to update without a hitch. I just did and it went as smooth as usual. Also, you need to run urpmi.update -a first to make sure your box knows that there are updates available. Then run urpmi -v --updates --auto-select or urpmi -v --auto-select to actually download and install the updates. I did urpmi.update -a first, but I guess I need to look for better mirrors. Is there a way to find out which mirrors are updated more frequently? http://www.mandrakesecure.net/en/ftp.php Perfect. Thanks you! Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
I had 3.6.1p1 installed, but as other have pointed out, I was probably using a mirror that was not updated yet. Avi On Tuesday, September 16, 2003, at 10:48 PM, bascule wrote: it may be that like me you have installed some package via cooker that might have required a later openssh? i found i had 3.6.1p2-4 and therefore 3.6.1p2-1.1 was seen as not an upgrade, i'm hopefull that there will a further cooker package with the needed patch becasue when i went to uninstall openssh and then insatll the upgrade i had problems, but you should try that too since my problems are hopefully local to me bascule On Wednesday 17 Sep 2003 4:05 am, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi where are you physically? Mandrake's mirrors in the Pacific Standard Time Zone tend to be pretty far behind. -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Tuesday, September 16, 2003, at 11:27 PM, Jack Coates wrote: On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi where are you physically? Mandrake's mirrors in the Pacific Standard Time Zone tend to be pretty far behind. Chicago, CST. Avi Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Why is urpmi such a pain in the ...?
On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote: Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating). I updated all the sources but urpmi --update --auto-select told me that everything is up to date. Tried the graphical updater, the same story. I ended up downloading the new RPMs and installing them manually. How am I supposed to trust DrakeUpdate and urpmi? This is something Mandrake can learn from SuSE. Their online update works perfectly every time. Avi No not every time. Try to do an online update for the NVidia drivers. 100% failure on 6 boxes. As for the problem. Did you do urpmi.update -a first? If your inbox records are behind the servers records then what it's telling you is correct. James __ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com