Hi, I saw that Redhat has a nice tool called autorpm which allows automated updates of the system (for instance in case of security updates). It looks like this tool is not part of SuSE distribution! I personally would like to have such a tool available. So one could run that every morning or so just to be informed which packages were updated on ftp.suse.de for whatever reason and to decide whether an update should be made. Perhaps I am just not well enough informed, in that case I shut up and listen to your advice what to do, otherwise I would be happy to find some support from other users who might have the same wish to make system security a little easier and time-robbing job. What does SuSE think about this? Regards, Marko -- O _ O 0 0 ------------------m-\o/-m------------------------------------------ Dr. Marko K"aning Tel/Fax: +49-3834 554 442 / -3834 554 301 INP Greifswald email : kaening@inp-greifswald.de
Marko Kaening:
Hi,
I saw that Redhat has a nice tool called autorpm which allows What does SuSE think about this?
look up the old thread here: http://www.google.com/search?q=site%3Alists.suse.com+suse-security+autorpm peter
look up the old thread here:
http://www.google.com/search?q=site%3Alists.suse.com+suse-security+autorpm
peter
Thanks for the reply! It looks like discussion about this subject stopped mainly caused by the problem of signing of packages. Discussions ended in August... So what does it mean? QUESTION TO SuSE: Will SuSE 7.1 contain full signing and will it include autorpm, or is the software still too beta? Marko
Hi, On Thu, 25 Jan 2001, Marko Kaening wrote:
It looks like discussion about this subject stopped mainly caused by the problem of signing of packages.
Discussions ended in August... So what does it mean?
Wherever it ended - the package is no longer available under the mentioned URL.
QUESTION TO SuSE:
Will SuSE 7.1 contain full signing and will it include autorpm, or is the software still too beta?
Yes and yes. In addition to that, YaST2 will also have an update module. LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany State Dept. of Unnecessary Double Redundancies Dept.
Will SuSE 7.1 contain full signing and will it include autorpm, or is the software still too beta?
Yes and yes. In addition to that, YaST2 will also have an update module.
LenZ --
Will YaST's update module default to checking signatures and warn/stop the user if they do not match, Mandrake's tool currently does this, I think it is a good feature as it embraces the whole "secure by default" concept. And if the RPM's GnuPG sig doesn't matter that means the RPM is either corrupt, or worse an attacker is up to something.
------------------------------------------------------------------ Lenz Grimmer SuSE GmbH
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
look up the old thread here:
http://www.google.com/search?q=site%3Alists.suse.com+suse-security+autorpm
peter
Thanks for the reply!
It looks like discussion about this subject stopped mainly caused by the problem of signing of packages.
Discussions ended in August... So what does it mean? QUESTION TO SuSE:
Will SuSE 7.1 contain full signing and will it include autorpm, or is
Yes. The key name is build@suse.de, the pubring file in on the CDs, and here is a signed version by a familiar key. In near future, all updates will be signed with this key to make the md5sums in announcements obsolete. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BuQIN BDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd9DYJ8UUTmIT2iQf07tRUKJJ9v0JX fx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Via5/gO7fJEpD2hd2f+pMnOWvH2rOO IbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13CNZZNZfDqnFDP6L12w3z3F7FFXkz 07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp271hhQBeRmmoGEKO2JRelGgUJ2CU zOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlEt5ucTXstZy7vYjL6vTP4l5xs+LIO kNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMGB/9g+9V3ORzw4LvO1pwRYJqfDKUq /EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZwrbSTM5LpC/U6sheLP+l0bLVoq0lm sCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6TtIJlGG6pqUN8QxGJYQnonl0uTJKHJ ENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFLrWn7mfoGx6INQjf3HGQpMXAWuSBQ hzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5HRKMWpO+M9bHp4d+puY0L1YwN1OMa tcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMag8zFbpeqPQUsDv9V7CAJ1dbriEwE GBECAAwFAjnu9JIFCQPCZwAACgkQqE7a6JyACspLIgCbBQd/++0pB9yZWDhqxHtT pdCXRsAAnik7bYHlTxQfohiXYsEJcWrDn7l8 =wtNS -----END PGP PUBLIC KEY BLOCK-----
the software still too beta?
I'm not aware of the current trust-status that we have in the package. It's on the CDs for 7.1, though.
Marko
Need to rush... The last glibc packages are drippling into the ftp server.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Thanks to all for the reply concerning autorpm. According to Roman I'll have wait until SuSE 7.1 is released... When will this happen? Regards, Marko
Hello SuSE Linux 7.1 ships with kernel 2.4 on February 12 http://lwn.net/daily/#t13 MK> According to Roman I'll have wait until SuSE 7.1 is released... When will MK> this happen? Best regards, Gediminas mailto:gedas@kryptis.lt
Hello SuSE Linux 7.1 ships with kernel 2.4 on February 12 http://lwn.net/daily/#t13
In Germany, yes. The Int'l version will be available later, but a few days only. There are updates on the ftp server already...
MK> According to Roman I'll have wait until SuSE 7.1 is released... When will MK> this happen?
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (6)
-
Gediminas Grigas -
Kurt Seifried -
Lenz Grimmer -
Marko Kaening -
Peter Wiersig -
Roman Drahtmueller