Vincent Danen <[EMAIL PROTECTED]> wrote: > On Fri Sep 26, 2003 at 06:51:59PM +0159, Han Boetes wrote: > > I agree that mandrake is not responsible for providing updated packages > > for contribs even when there is a security problem. But I think there > > is a nice solution: > > > > msec makes a daily list of all installed rpms. of course it could > > also fetch a list of rpms which have security problems from some > > place. It could compare those lists and then send a an email to root > > that there is a problem with a package and that it should be updated > > or removed. > > Well, that would mean someone has to maintain such a list for > contribs. For main, this is easy. Use urpmq to tell you what needs > updating in main. For contribs, it's a little more difficult because > someone has to maintain this list. > > I'll be honest, when a new vuln comes out, I grep through a listing of > files in main; I don't make file listings for contribs packages, so if > grep shows me nothing matches, I move on.
This consists of two things. First it has to be scripted. /etc/cron.weekly/rpm seems to be a nice script for this. I bet I can come up with something. And second someone has to maintain the list. I think I could do that as well. I suppose there are other contribmaintainers that will keep an eye on stuff as well. So I suppose I need a way to send a plaintext-list to a public mandrake url. Sounds like a deal? :) # Han -- http://www.xs4all.nl/~hanb/software http://www.xs4all.nl/~hanb/documents/quotingguide.html
pgp00000.pgp
Description: PGP signature
