Automatic debian security updates

Posted by Nico Golde in debian
Wednesday, October 5. 2005

Today I thought about a possibility to make automatical package updates for security issues in Debian. You know the problem that you want to fix your packages as fast as possible if you notice an update by the security team? Sometimes it can be too late if you fix the package 5 hours after release. So apt-cron is no solution.

Correct me if something for this problem exists. No I have the plan to write a daemon which checks the RSS feed or a subscription to debian-security-announce in a specified time interval updates the packages automatically if they are installed. So you will have a minimun delay after the DSA was posted.

Any ideas, flames etc.?

Comments (7) - Trackback (1)

Trackbacks

Trackback specific URI for this entry

Änderungen bei Debian Security
Nico Golde und Marc Haber waren zuletzt etwas unzufrieden mit der Performance von security.debian.org. Doch die letzten News aus dem Hause Debian versprechen Besserung. Nach dem Update von XFree86 konnte die alte Maschine die Last offensichtlich nicht me

Weblog: Qbi's Weblog
Tracked: Oct 08, 15:28

Comments

Display comments as (Linear | Threaded)

The subscription to debian-security-announce sounds like a sane idea, since you don't have to check periodically (well, probably the email account you get the emails on), but instead have your security update operation triggered by this info mail.

#1 ak on 2005-10-05 15:19 (Reply)

There is no security that the update will brake something so (imho) it is a bad idea. Even there is no possibility to rollback an package which could lead into an broken system.

#2 Joern (Homepage) on 2005-10-05 16:56 (Reply)

yes thats right, but to wait a few hours sucks too. So what are the alternatives besides of checking this all manually and often?

#3 nion (Homepage) on 2005-10-05 18:15 (Reply)

Aren't the .debs on security.debian.org before the appropriate DSA goes out? So waiting for the DSA would slow it down even more, wouldn't it?

#4 Axel Beckert (Homepage) on 2005-10-06 10:38 (Reply)

puh good question. don't know, but I think if it is the case it should.
Anyway, I will go on with this idea

Think of an sms gateway which sends you an sms if some new dsa arrives

#5 nion (Homepage) on 2005-10-06 14:02 (Reply)

I'm currently doing updates by hand (in case stuff is broken, blah, blah, blah) and I haven't tried it but check this out:
http://clemens.endorphin.org/secpack/

secpack implements automatic security updates for Debian. To support unattended updates the system uses signatures to verify the authenticity and integrity of the upgrade packages.

In case you do try it out, say (email) something (if it worked or didn't, problems, etc).

#6 Luis Rei (Homepage) on 2005-10-28 19:57 (Reply)

check this website for complete debian help

http://www.debianhelp.co.uk

#7 david on 2005-12-22 18:45 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets. E-Mail addresses will not be displayed and will only be used for E-Mail notifications To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets.
	Remember Information?