RE: [suse-security] fresh software on suse's site
Novell/SUSE is a great company - but they are not the fastest when it comes to releasing new versions with the latest security patches.

For example - everyone should upgrade to Firefox 1.0.2 and Thunderbird 1.0.2 because of the latest security vulnerabilities. They're not available via YaST/YOU yet - but they are available via the APT repository - and those are just two examples.

If you subscribe for example to Secunia security advisories (http://secunia.com/secunia_security_advisories/) - security patched versions for the identified vulnerabilities are generally available on the APT repository for SUSE a fair amount before SUSE officially pushes them out via YOU.

Depends on how paranoid you are - whether you are willing to wait for the official versions from SUSE or get the latest patches sooner via APT (and admittedly take your chances with the stability of the apps - occasionally less stable than the official versions that come later).

Eric

Eric Baenen
Program Manager - Scientific Network Environments
General Dynamics - Advanced Information Systems
Phone: 937-255-8180
FAX: 937-255-8845
2255 H Street (AFRL/HEC) Area B Bldg 248 Rm 108
Wright Patterson AFB, OH 45433

-----Original Message-----
From: Bob Vickers [mailto:bobv@cs.rhul.ac.uk]
Sent: Wednesday, April 06, 2005 10:43 AM
To: suse-security@suse.com
Subject: RE: [suse-security] fresh software on suse's site

I'm puzzled as to what this advice is doing on a security list. Installing random pieces of software may make your computer funkier and more exciting to use but it definitely won't make it more secure.

My advice (for an important machine) would be never touch an RPM unless it is an official SuSE one. If you want extra software install it by hand in /usr/local or some other place that is different from the places SuSE install software.

Bob

On Wed, 6 Apr 2005, Baenen Eric P Contr AFRL/HEC wrote:
From my page at https://www.washingtoncreek.com:4432/tiki/tiki-index.php?page=suse-rpms
To find rpm packages...
These are all good sites...
http://www.usr-local-bin.org/linux.php
http://packman.links2linux.org/
http://search.rpmseek.com/search.html?hl=com
http://rpm.pbone.net/index.php3/stat/2/simple/2
BUT... even better is APT...
http://linux01.gwdg.de/apt4rpm/
for SUSE 9.2 as an example, install these rpms
ftp://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.2-i386/RPMS.suser-rbos/apt-0.5.15cnc7-0.suse092.rb0.i586.rpm
ftp://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.2-i386/RPMS.suser-rbos/apt-devel-0.5.15cnc7-0.suse092.rb0.i586.rpm
ftp://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.2-i386/RPMS.suser-rbos/apt-libs-0.5.15cnc7-0.suse092.rb0.i586.rpm
just download them into a directory and as root at the command line type 'rpm -ivh apt*' and let rpm decide which order they need to be installed.
Then copy http://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.2-i386/examples/sources.list.FT... to /etc/apt as sources.list (copy the existing sources.list to something like sources.list.original just in case something goes wrong)
You might want to edit this new sources.list and remove the entries for 'kernel-of-the-day' and 'kde-unstable' (highly recommended)
Notice it will catch all the rpms from Packman, Funktronics, and many 'unofficial' packages from SUSE itself (suse-people, suse-projects)
then as root at a command line do 'apt update'
once that's done...
'apt search packagename' to find a package
'apt install packagename' (in some cases you might need to do 'apt install --no-checksig packagename' if they don't have a signature listed)
apt takes care of all the dependencies - if the package you want needs other packages they will be retrieved and everything will be installed in the proper order.
For security purposes - you can create a sources.list with just 'rpmkeys base update-drpm update-prpm update security-prpm security' or even just 'rpmkeys base security-prpm security' and then create a cronjob for root that does an 'apt upgrade' each night.
APT will become your best friend for finding packages, installing packages and keeping packages current.
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
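As an added example (not part of the original posts), the shell function below reduces a sources.list to the security-only components the first message names, so that 'kernel-of-the-day', 'kde-unstable' and third-party components never reach a nightly 'apt upgrade'. The sample file, the 'packman' component name and the function names are constructed, and the line layout `rpm URI DIST components...` is an assumption about the apt4rpm file format.

```shell
#!/bin/sh
# Added example, not from the original posts.
# Components the post lists for a security-only sources.list.
ALLOW="rpmkeys base security-prpm security"

# Constructed sample input; the component name packman is an assumption.
sample_sources() {
    cat <<'EOF'
# constructed sample sources.list
rpm ftp://ftp.gwdg.de/pub/linux/suse/apt SuSE/9.2-i386 rpmkeys base update security kernel-of-the-day kde-unstable packman
rpm-src ftp://ftp.gwdg.de/pub/linux/suse/apt SuSE/9.2-i386 kde-unstable
EOF
}

# Usage: restrict_sources "ALLOWLIST" < sources.list > sources.list.new
# Assumed line format: rpm|rpm-src [vendor] URI DIST component...
restrict_sources() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # keep comments and blank lines
    $1 != "rpm" && $1 != "rpm-src" {
        print "# dropped (unknown type): " $0; next
    }
    {
        first = ($2 ~ /^\[/) ? 5 : 4           # skip an optional [vendor] field
        out = $1
        for (i = 2; i < first && i <= NF; i++) out = out " " $i
        kept = 0
        for (i = first; i <= NF; i++)
            if ($i in ok) { out = out " " $i; kept++ }
        if (kept) print out
        else print "# dropped (no allowed component): " $0
    }'
}

# Show the filtered result for the sample.
sample_sources | restrict_sources "$ALLOW"
```

Compare the output with the original file before replacing /etc/apt/sources.list, and keep the backup copy the post recommends.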
On Wed, Apr 06, 2005 at 12:36:53PM -0400, Baenen Eric P Contr AFRL/HEC wrote:
Novell/SUSE is a great company - but they are not the fastest when it comes to releasing new versions with the latest security patches.
For example - everyone should upgrade to Firefox 1.0.2 and Thunderbird 1.0.2 because of the latest security vulnerabilities. They're not available via YaST/YOU yet - but they are available via the APT repository - and those are just two examples.
Actually the critical parts of the Firefox 1.0.2 patches are already in the previous Firefox update release.

And the number of Mozilla problems is just staggering currently, we have finished one update when the next issue is there already.

Ciao, Marcus