Updates

nathan r. hruby yellowdog-general@lists.terrasoftsolutions.com
Fri Dec 27 08:49:01 2002


Hi Don!

On 26 Dec 2002, donald jones wrote:

> How do you maintain current copies of software? I have run apt-get to
> make sure YDL is up-to-date, but many of the packages are behind current
> releases, some significantly so (Mozilla and gcc). Are people manually
> downloading source and building updates themselves, or waiting until YDL
> provides updates via apt-get? Are there other alternatives, or are we up
> a creek until YDL provides updates?
> 

There are differences between updates and enhancements.  If one was to 
update gcc you would probably break the toolchain in your current YDL and 
thus might not be able to compile anything (or at least the things you 
compile would probably not run correctly).  Updates of this magnitude are 
best left to your distribution to package and deliver as part of the 
distribution upgrade process unless you know what you are doing and feel 
like investing the time in upgrading all of the required components.  
Typically straying this far from what your distro provides may mean that 
you might want to re-evaluate your choice in distros; there's probably 
another one that delivers what you want sooner (like Gentoo, but not 
Debian).

OTOH, upgrading things like Mozilla, OpenOffice, and most other 
applications and end user tools (and a lot of server processes) can 
normally be done easily without breaking things.  Though once you upgrade 
from source you run the risk of your packaging system crushing your 
self-compiled updates, so it would be a wise thing to try to find 
pre-compiled packages for your system or to find source packages and use 
the package management system to compile and install them.  If you're 
really interested, you can always package the source yourself and 
distribute it to others who might find it useful.

> My primary concern is how do I make sure that I have updated software to
> account for security related releases.
> 

Security updates are a horse of a different color.  These are updates that
require installation in a timely fashion (a recent study seems to indicate
the optimum time to install an update would be two weeks after its
release) to retain the trust of your system.  YDL provides security
updates for its most current release (at this moment it's YDL-2.3).  
Previous releases have (for the most part) been ignored, though most
updates for 2.3 can probably be installed on the entire 2.x series.  You
should be prepared to upgrade to YDL-3.0 after it is formally released to
stay current with updates.  2.3 comes pre-installed with apt, which in
turn should have a default entry to look at an updates directory for your
distribution like so:

# updates (bugfix, security, etc.)
rpm http://ftp.yellowdoglinux.com/pub/yellowdog apt/2.3 update 
rpm-src http://ftp.yellowdoglinux.com/pub/yellowdog apt/2.3 update

You should make sure that this line is in your /etc/apt/sources.list; the 
site can vary for whatever mirror you use.  After that run 'apt-get 
update' and then 'apt-get upgrade' and then 'apt-get dist-upgrade'.
Failure to run the apt-get update command will result in updates never 
being picked up.  Also note that when I installed 2.3 I had to manually 
change /etc/apt/sources.list to point at 2.3 dists, as they were 
incorrectly pointed at 2.2, so you should check that :)  

YDL does not post updates to this list (though I think they should) so you
need to subscribe to their updates list or just manually run apt-get every
day (Debian users have a tendency to just stick an apt-get upgrade
command in a crontab and just never worry about it.. I would not suggest
this :)  YDL also does not post updates as quickly as other larger 
distributions (such as Red Hat) as they are smaller.  This is tempered by 
the fact that a good deal of the released exploit code relies upon the 
target system being x86 and has a tendency to break on ppc.  This does 
not of course absolve one from {releasing,installing,maintaining} 
patches, but it does give a bit more squiggle room.

HTH,

-n
-- 
----------------------------------------
nathan hruby <nathan@drama.uga.edu>
computer services specialist
uga drama
http://www.drama.uga.edu/support/
----------------------------------------
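
Added example, not part of the original message: a small shell check for the sources.list problem described above (an updates entry that is missing, commented out, or still pointing at an older release). The function name check_sources is hypothetical, and the field layout (type, URI, distribution, components) is assumed from the two entry lines quoted in the message; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original message): audit an apt-rpm
# sources.list for the updates entry described above.
#
# check_sources FILE RELEASE
#   returns 0  an active "rpm" line for apt/RELEASE has the "update" component
#   returns 1  no such line (updates would never be picked up)
#   returns 2  an active line still points at a different release
check_sources() {
    awk -v want="apt/$2" '
        NF == 0 || $1 ~ /^#/ { next }              # blank or commented out
        $1 != "rpm" && $1 != "rpm-src" { next }    # not a repository line
        $3 != want {                               # field 3 is the distribution
            printf "stale: line %d uses %s, expected %s\n", NR, $3, want
            stale = 1
            next
        }
        $1 == "rpm" {
            for (i = 4; i <= NF; i++)              # fields 4+ are components
                if ($i == "update") found = 1
        }
        END {
            if (stale) exit 2
            if (!found) { print "missing: no active rpm line with update"; exit 1 }
            print "ok: updates entry present for " want
        }
    ' "$1"
}

# Constructed sample: the stale 2.2 entries the message warns about.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# updates (bugfix, security, etc.)
rpm http://ftp.yellowdoglinux.com/pub/yellowdog apt/2.2 update
rpm-src http://ftp.yellowdoglinux.com/pub/yellowdog apt/2.2 update
EOF
    rc=0
    check_sources "$tmp" 2.3 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || echo "demo exit status: $?"
# Real use: check_sources /etc/apt/sources.list 2.3
```

Running the check before 'apt-get update' catches the case where the update run succeeds but is reading the wrong release's package lists.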