Re: [OT] still configuring [Was: Disabling spamcop plugin]

2016-04-13 Thread Ian Zimmerman
On 2016-04-13 09:12 -0400, Michael Orlitzky wrote:

> package will be recompiled automatically as part of the updates. Any
> packages *depending on* that package (like, if they're statically linked
> to it) will also be recompiled.

But also _direct_ dependencies of the affected package, if the latest
version has new requirements.  And this is the heart of the problem.
With a dedicated security channel like Debian has, the fixes are
recompiled targeted to the base release, so (for example) I'd never have
to update perl because of a fix in spamassassin.

In fact you can leave Debian servers to update themselves unattended,
most of the time.  This is too huge a benefit for me to drop, even
weighed against the recent Debian annoyances.

-- 
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.


Re: [OT] still configuring [Was: Disabling spamcop plugin]

2016-04-13 Thread Michael Orlitzky
On 04/13/2016 01:26 AM, Ian Zimmerman wrote:
> On 2016-04-12 10:57 -0400, David Niklas wrote:
> 
>> You could use Gentoo, you get to configure it all yourself!
> 
> Funny you'd say that, I _am_ actually switching to it - on my
> "workstation" role computers.  I'm already over 50% over the hump, I
> think. 
> 
> But on "server type" computers, I just cannot spare a dedicated security
> branch.  I really don't have the time, and more importantly the nerves,
> to scramble and recompile the world when each new vulnerability is
> announced.
> 

This shouldn't be worse on Gentoo than it is anywhere else. We have a
mailing list, gentoo-announce [0], where security advisories get sent.
But, they only get sent out once the vulnerability has been fixed and
marked stable /everywhere/, so they often come a little late.
Nevertheless, security issues are fixed ASAP:

  1. Some vulnerability is found.

  2. The security team opens a bug, and contacts the maintainer of the
     affected package.

  3. A fix is committed to the tree.

  4. The arch teams scramble to stabilize the version with the fix.

  5. The announcement is sent out.

As long as you follow a semi-regular update cycle, you shouldn't have to
do anything special, even if you run a stable system. The affected
package will be recompiled automatically as part of the updates. Any
packages *depending on* that package (like, if they're statically linked
to it) will also be recompiled. No need to recompile @world.


[0] https://www.gentoo.org/get-involved/mailing-lists/



[OT] still configuring [Was: Disabling spamcop plugin]

2016-04-12 Thread Ian Zimmerman
On 2016-04-12 10:57 -0400, David Niklas wrote:

> You could use Gentoo, you get to configure it all yourself!

Funny you'd say that, I _am_ actually switching to it - on my
"workstation" role computers.  I'm already over 50% over the hump, I
think. 

But on "server type" computers, I just cannot spare a dedicated security
branch.  I really don't have the time, and more importantly the nerves,
to scramble and recompile the world when each new vulnerability is
announced.

> You might also try Arch or Devuan.  What distro are you using now?

Debian.  Have been using it over 15 years now, and watched some of the
fun vanish over the last few.

-- 
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.