On Tue, Apr 08, 2014 at 12:43:15AM -0400, Nick Sabalausky wrote: > On 4/8/2014 12:15 AM, H. S. Teoh wrote: > > > >I learned the hard way to always keep on top of the security > >upgrades. A year or two ago, I put off a pending upgrade for a week, > >and the day before I finally got around to it, my server was hacked > >via the same vulnerability that the upgrade would've fixed. They got > >root, so I had to nuke the system from orbit after backing up my > >data, and rebuild the server from scratch. :-( Ever since then, I've > >set up the system to notify me as soon as an update is available, and > >now I dare not delay to install it ASAP. > > > > Yea, that's a good idea. > > Is that Arch? How does your querying for security updates work? Just > querying for updates on security-related packages, or somehow > filtering on whether a package's update is security-realted...or just > a general "grab every update for everything"?
Actually, it's Debian/stable (which only gets security upgrades). I just installed cron-apt and set it up to email me about upgrades. In theory, if I were lazy, I'd set it up to just install all updates automatically, but I do like to review exactly what gets installed before installing it, since I did get bitten before by a careless upgrade breaking existing software in a major way. (The worst instance of this was when I unknowingly upgraded libc6 to a version that's incompatible with the VPS kernel, causing the dynamic linker (and thus *all* executables) to break. I had to resort to heavy-handed tactics[1] to fix it.) [1] Heavy-handed, as in: http://eusebeia.dyndns.org/bashcp T -- Жил-был король когда-то, при нём блоха жила.
