It seems I've seen in a few places that it isn't important to update the chroot too often, only when doing certain sorts of upgrades (don't ask me what the criteria are, I don't know :))
Steve, what tools/setting do you use when you go about locking down the desktop? David On Tue, Jan 5, 2010 at 5:42 PM, Steve Rippl <[email protected]>wrote: > :-) I'm a little swamped here to respond to much of anything I'm afraid! > We find currently we're updating our tc images every now and again as we > tweak some settings, but we haven't done it for security reasons at all. > We've put a lot of time into locking down the desktop as that's what the > kids will mess around with and break if they can, but I'm not too concerned > about more intricate security holes within our setup. > > > john wrote: > > Thanks Andy, > > Apparently not a hot topic for anyone else! :-) > > John > > On Sun, Jan 3, 2010 at 5:36 PM, Andy Figueroa <[email protected]> > <[email protected]> wrote: > > > Good question. I've had a small seven client LTSP computer lab running for > about 18 months now. It's running on Hardy (Ubuntu 8.04). I have upgraded > the chroot several times just to keep up-to-date for the sake of security. > (apt-get update then apt-get upgrade following the instructions in the > Edubuntu handbook) > > Since you asked the question, I've just done it again a few minutes ago - > good timing - since school starts back again tomorrow after the Christmas > holiday. > > I was surprised to see that the last time I did this and rebuilt the image > was in February 2009. The old i386.img was 291954688 and the new image is > 350814208. No apparent issues. Tomorrow we'll see if the clients boot all > right. :-) > > I'm using/booting kernel vmlinuz-2.6.24-23-generic although -26 has been > installed during regular updates. > > Andy Figueroa > > john wrote: > > > Hi all, > > Sometimes I see a patch come down the the pipeline that makes me > wonder if I should be updating the file that lives in my chroot (the > recent tzdata file patch, for example). My normal practice is never to > update my chroot (on the "if it ain't broke..." principle), although I > do sometimes add software (most recently ntp for cron powered > shutodowns) to the chroot image. > > My understanding is that one of the big reasons for the move to LTSP5 > was to integrate the native package management features into the > chroot environment under the theory that folks really wanted to keep > those environments up to date. > > So my question is: do you upgrade your chroot? Why or why-not? > > Thanks! > > John > > > > > -- > Steve Rippl > Technology Director > Woodland Public Schools > 360 225 9451 x326 > > > -- > edubuntu-users mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/edubuntu-users > >
-- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
