So what about Linux-from-Scratch? Or whatever else. I'm not saying it's a bad idea, I'm just saying that keeping a distro current is reasonably distro specific. Or at least it's package manager specific...
Kev. ----- Original Message ----- From: "Jeffrey Clement" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 17, 2002 3:38 PM Subject: Re: (clug-talk) Linux gets a worm! > It could be similar with Gentoo. Best would simply be to add something like: > emerge rsync > emerge world -p | mail [EMAIL PROTECTED] > to crontab. It would sync the portage tree and then list off which packages have been changed. You could have it automatically install but I would think that falls in the category of bad idea. > > Jeff > > On Tue, Sep 17, 2002 at 03:29:49PM -0600, S�bastien Taylor wrote: > > The Debian and YellowDog (and I think Connectivia) one would be easy, > > set your /etc/apt/sources.list to subscribe to the security updates, and > > have a cron job run nightly doing a 'apt-get update && apt-get upgrade' > > ...that would keep you current. But a presentation on the nuances of > > some of the other systems could be interesting. > > > > > > Kevin Anderson a �crit: > > > > >Apt-get works much different than Portage which works different than > > >Mandrake Update Robot, which is different than YaST2, which is different > > >than up2date, with the last even adding the possibility of a cost to the > > >equation. And hardest of all is manually checking the installed packages, > > >and then visiting the appropriate sites to update them individually. > > > > > >It might be better to have a few people co-ordinate a presentation, with > > >each demoing their favorite distro's tool/utility. > > > > > >Kev. > > > > > > > > >----- Original Message ----- > > >From: "Jarrod Major" <[EMAIL PROTECTED]> > > >To: <[EMAIL PROTECTED]> > > >Sent: Tuesday, September 17, 2002 10:37 AM > > >Subject: Re: (clug-talk) Linux gets a worm! > > > > > > > > > > > > > > >>This sounds like an excellent topic for a presentation. Anyone want to > > >>tackle it next month? We do not have a presentation scheduled and as such > > >> > > >> > > >it > > > > > > > > >>would be nice of someone came forward. > > >> > > >>Trevor, interested? > > >> > > >>Jarrod Major > > >>CLUG Treasurer > > >>Registered Linux User > > >> > > >>----- Original Message ----- > > >>From: "Trevor Lauder" <[EMAIL PROTECTED]> > > >>To: <[EMAIL PROTECTED]> > > >>Sent: Tuesday, September 17, 2002 10:32 AM > > >>Subject: Re: (clug-talk) Linux gets a worm! > > >> > > >> > > >> > > >> > > >>>Even if you are running only services you want, those services still may > > >>>require updating and monitoring. If someone isn't keeping up on > > >>> > > >>> > > >updates, > > > > > > > > >>>etc and they get hacked because of it then they get what they deserve > > >>> > > >>> > > >and > > > > > > > > >>>I feel no sympathy for them. Just because Linux/Netware are stable OSes > > >>>doesn't mean they don't need babysitting (By this I mean: watching the > > >>>logs, monitoring the network they are on). The problem with the average > > >>>NT/2000 or MCSE administrator is that Microsoft is promoting lazy/cheap > > >>>administration. A lot of those administrators that come over to linux > > >>>bring those bad habits with them, and when something bad happens they > > >>>blame it on the OS when the blame should in fact lie with themselves. > > >>>Just my 2 cents. > > >>> > > >>> > > >>> > > >>>>One of the benefits of Linux is that it doesn't need to be babysat. > > >>>> > > >>>>I know this is an arguable thing, but I like that I set up a machine > > >>>> > > >>>> > > >at > > > > > > > > >>>>one of our remote locations, and it hasn't been signed into in well > > >>>> > > >>>> > > >over > > > > > > > > >>>>a year. > > >>>> > > >>>>It's fine to say "be on top of things", but I want a server that runs > > >>>>like this... > > >>>> > > >>>> > > >http://www.networkcomputing.com/1119/1119f1products_2.html > > > > > > > > >>>>And I'll argue that exploit or not, this basically offers that > > >>>> > > >>>> > > >ability. > > > > > > > > >>>>Unlike NT, Linux and Netware both run only services that you want them > > >>>>to, rather than needing repeated security patches for things like > > >>>> > > >>>> > > >MEDIA > > > > > > > > >>>>PLAYER on a server. > > >>>> > > >>>>I wonder if anyone would notice if I used a Database server for > > >>>> > > >>>> > > >watching > > > > > > > > >>>>DVDs throughout the day. Maybe, but then they do have GL screensavers > > >>>>too. > > >>>> > > >>>>Kev. > > >>>> > > >>>> > > >>>> > > >>>>----- Original Message ----- > > >>>>From: "Trevor Lauder" <[EMAIL PROTECTED]> > > >>>>To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > > >>>><[EMAIL PROTECTED]> Sent: Monday, September 16, 2002 12:22 PM > > >>>>Subject: Re: (clug-talk) Linux gets a worm! > > >>>> > > >>>> > > >>>> > > >>>> > > >>>>>Actually, worms under linux have existed for a while now... and even > > >>>>>longer under unix. As for this exploit, I really hope anyone here > > >>>>>running SSL had that patched a while ago because the patch for that > > >>>>>exploit came out about a month ago. This exploit is targeting > > >>>>> > > >>>>> > > >servers > > > > > > > > >>>>>that haven't been updated in a at least a month and it's actually > > >>>>>hitting lots of people, pretty sad when patches have been available > > >>>>>for a while now. > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>>>-----BEGIN PGP SIGNED MESSAGE----- > > >>>>>>Hash: SHA1 > > >>>>>> > > >>>>>>Finally Linux is worth the time for someone to make a worm. Easy to > > >>>>>> > > >>>>>> > > >>>>>detect, easy to defeat, and dose not affect my server but still a > > >>>>>worm. > > >>>>> > > >>>>> > > >>>>>> > > >>>>>> > > >http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.h t > > > > > > > > >>>>ml > > >>>> > > >>>> > > >>>>>>Yes I run Apache but I don't use SSL. If you run SSL you must read > > >>>>>> > > >>>>>> > > >>>>>this. - -- > > >>>>> > > >>>>> > > >>>>>>Roy Souther <[EMAIL PROTECTED]> > > >>>>>>http://www.SiliconTao.com > > >>>>>> > > >>>>>>Live to code, code to live! > > >>>>>>-----BEGIN PGP SIGNATURE----- > > >>>>>>Version: GnuPG v1.0.6 (GNU/Linux) > > >>>>>>Comment: For info see http://www.gnupg.org > > >>>>>> > > >>>>>>iEYEARECAAYFAj2F83YACgkQCbnxcmEBt434oACgqPHbAWIcOBX6m7jOUZ2rsLJR > > >>>>>> > > >>>>>> > > >>>>>1YoAnRkdLTB42p8mS+WlaDuB5L7nV39+ > > >>>>> > > >>>>> > > >>>>>>=YkE6 > > >>>>>>-----END PGP SIGNATURE----- > > >>>>>> > > >>>>>> > > >>> > > >>> > > >>> > > >>> > > >> > > >> > > >> > > > > > > > >
