Updates
nathan r. hruby
yellowdog-general@lists.terrasoftsolutions.com
Fri Dec 27 08:49:01 2002
Hi Don!
On 26 Dec 2002, donald jones wrote:
> How do you maintain current copies of software? I have run apt-get to
> make sure YDL is up-to-date, but many of the packages are behind current
> releases, some significantly so (Mozilla and gcc). Are people manually
> downloading source and building updates themselves, or waiting until YDL
> provides updates via apt-get? Are there other alternatives, or are we up
> a creek until YDL provides updates?
>
There are differences between updates and enhancements. If one was to
update gcc you would probably break the toolchain in your current YDL and
thus might not be able to compile anything (or at least the things you
compile would probably not run correctly) Updates of this magnitude are
best left to your distibution to package and deliver as part of the
distribution upgrade process unless you know what your are doing and feel
like investing the time in upgrading all of the required components.
typically straying this far from what your distro provides may mean that
you might want to re-evaluate your choice in distros, there's probably
another one that delivers what you want sooner (like Gentoo, but not
Debian)
OTOH, upgrading things like Mozilla, OpenOffice, and most other
applications and end user tools (and a lot of server processes) can
normally be done easily without breaking things. Though once you upgrade
from source you run the risk of your packaging system crushing your
self-compile updates so it would be a wise thing to try to find
pre-compiled packages for your system or to find source packages and use
the package managmenbt system to compile and install them. If you're
really interested, you can always package the source yourself and
distribute it to others who might find it useful.
> My primary concern is how do I make sure that I have updated software to
> account for security related releases.
>
Security updates are a horse of a different color. These are updates that
require installation in a timely fashion (a recent study seems to indicate
the optimum time to install a update would be two weeks after it's
release) to retain the trust of your system. YDL provides security
updates for it's most current release (at this moment it's YDL-2.3).
Previous release have (for the most part) been ignored, though most
updates for 2.3 can probably be installed on the entire 2.x series. You
should be prepared to upgdate to YDL-3.0 after it is formally released to
stay current with updates. 2.3 comes pre-installed with apt, which in
turn should have a default entry to look at an updates directory for your
distribution like so
# updates (bugfix, security, etc.)
rpm http://ftp.yellowdoglinux.com/pub/yellowdog apt/2.3 update
rpm-src http://ftp.yellowdoglinux.com/pub/yellowdog apt/2.3 update
You should make sure that this line is in your /etc/apt/sources.list, the
site can vary for whatever mirror you use. After that run 'apt-get
update' and then 'apt-get upgrade' and then 'apt-get dist-upgrade'
Failure to run the apt-get update command will result in updates never
being picked up. Also note that when I installed 2.3 I had to manually
change /etc/apt/source.list to point at 2.3 dists, as they were
incorrectly pointed at 2.2, so you should check that :)
YDL does not post updates to this list (though I think they should) so you
need to subscribe to their updates list or just manually run apt-get every
day (debian users have a tendancy to just stick a a apt-get upgrade
command in a crontab and just never worry about it.. I would not suggest
this :) YDL also does not post updates as quickly as other larger
distributions (Such as Redhat) as they are smaller. This is tempered by
the fact that a good deal of the released exploit code relies upon the
tagest system being x86 and has a tendancay to break on ppc. this does
not of course absolve one from {releaseing,installing,maintaining}
pataches, but it does give a bit more squiggle room.
HTH,
-n
--
----------------------------------------
nathan hruby <nathan@drama.uga.edu>
computer services specialist
uga drama
http://www.drama.uga.edu/support/
----------------------------------------