On Mon Jul 28, 2003 at 08:22:15PM -0700, Rolf Pedersen wrote:

> >>Mandrake should change their kernel installation instructions in the 
> >>latest Security Advisory since they say there:
> >>
> >>"To upgrade automatically, use MandrakeUpdate.  If you want to upgrade 
> >>manually, download the updated package(s) from one of our FTP server 
> >>mirrors and upgrade with "rpm -Fvh *.rpm"."
> >
> >
> >It's a canned message.  If people are going to read that part of the
> >advisory, they should also read the part about following the instructions at
> >a page on MandrakeSecure:
> >
> >http://www.mandrakesecure.net/en/kernelupdate.php
> >
> >I love it when people read the inconsequential part of an advisory and miss
> >the actual advisory text.
> >
> 
> I have been among those who have diligently read through the whole page 
> to come across the inappropriate (wrt kernel) "canned message".  It is 
> not easy to make a distinction between what is merely there because it 
> might be part of a page template and what is to be taken as part of the 
> instruction, especially if this is the first time you are trying to 
> understand how to upgrade the kernel or do any manual update.  It would 
> be better, imo, if this could be excluded from the kernel advisories 
> and, also, if the url to the kernel upgrade instructions were a 
> hyperlink, thus making it more likely someone will follow it in their 
> browser and giving it more visual 'weight'.

Sure.  What do you mean by making the thing a hyperlink?  You mean do a <a
href="http://...">kernel update</a> thing?  Why would I want to do that in
an all-text (no HTML) message?  A decent mail client would make that
clickable or accessible (mutt does).

> Regarding the instructions for the kernel upgrade, they include:
> 
> 'Once you have modified your lilo.conf or menu.lst file, execute "lilo 
> -v" or "sh /boot/grub/install.sh", again depending upon your bootloader.'
> 
> I have never re-installed grub (over 3 years) after only modifying 
> menu.lst and there have been others who have expressed a reservation 
> about this instruction.  My understanding was that it was not necessary 
> (1) but my understanding might be incomplete, so I would appreciate some 
> clarification here.

I don't use grub, so I can't honestly say.  If someone knows definitively,
please let me know.

What I can do on the website is remove the "to upgrade manually" part
arbitrarily.  As far as I'm concerned, everyone should be using urpmi or
rpmdrake, so we'll just ignore that part.

I'll also do the same with the advisory template.  I'm too lazy to make the
system distinguish between what should be done manually and what shouldn't
be; chances are, one time I'll forget and the jackals will leap for my
throat.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}
