On Mon, 06 Mar 2006 at 10:49:45 +0000, paddy wrote: > On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Pe?a > wrote: > > > > I don't believe it does. Cron-apt is a pull mechanism (download the > > latest packages, check if there are upgrades and notify the admin). > > A mail filter which parses the DSAs and tells people to update is a push > > mechanism. > > > > Notice that in the later (push) you could have somebody review if the > > update is critical enough, or only tell systems to upgrade once the patch > > has been tested internally. That seems easier to me than, in the pull > > system, > > set up an intermediate mirror of security.debian.org with *approved* > > updates, > > have the systems update automatically and have a sysadmin move the updates > > from the official mirror over to that internal mirror based on whether the > > update is critical or not. > > > > Also, in my mind's view, a push mechanism is bound to be more effective than > > probing the security mirror daily and could also be capable of narrowing the > > time between patch release and installation (if automated) since you don't > > have to wait for a given point in time to make the check. > > Perhaps freshclam's dns based mechanism may also be of interest as a point > of comparison ? (I'm sorry I'm not able to describe it in detail off the top > of my head, but the paralell seems obvious) >
In case it's of any help, there's some documentation on how ClamAV mirrors are set - at http://www.clamav.net/doc/mirrors/ . HTH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
