On Sat, Oct 5, 2013 at 11:29 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:

OpenSUSE releases security patches for the supported life of the distribution.

There is a formal security team that looks for the need for these patches and reviews them once a package maintainer submits a proposed patch. The security team will deny any proposed updates that do not have an associated bugzilla entry they are resolving or a publicly known security vulnerability.

These patches are only available to end-users from the openSUSE updates repository.

The zypper command "zypper patch" looks for those security patches and only those security patches. YOU does the same.

Normal RPM updates are also extremely common in the various openSUSE repositories other than the updates repository. They are often just version updates and may have nothing to do with security issues or bug fixes.

"zypper up" will look through all of the configured repositories for any available RPM updates regardless.

I am not sure if zypper up also gets all patches or not. I use "zypper patch" when I want to ensure I have all security updates / bug fixes installed on a box.

I use "zypper up" much more sparingly and almost always to update specific packages only. ie. "zypper up sleuthkit" will install the latest version of sleuthkit from the currently active repository for sleuthkit. "zypper dup --from security" will look only in the security repo to see if there is a newer version of any of my installed packages available. If there is, it will install it regardless of what the current repository for the package is.

Thus there are at least 4 variations of zypper I use to update packages in the course of a year.

zypper patch (hopefully every couple weeks) zypper up <package> (to install a new version of a specific <package> if in my already configured repo) zypper dup -- from <repository> (to get the latest version of all packages in that repository) zypper dup (done rarely, but needed to move from one full release to the next. ie. once every 8 months)

You will note, I rarely if ever invoke "zypper up". If I do invoke it, I am looking to get the list of what updates are available overall for my system. I typically then cancel out of the update and update the specific packages I want updated via one of the above methods.

Thanks for a clear & explicit reply. In fact, whatever, be the case, I would use both now 'zypper up' as well as 'zypper patch' or from yast. But I knew this which I wanted to know. Regards. -- Life and death. At some point we're gonna leave this world. Do I know when? Absolutely not. --- Terrell Owens Just I dislike pain, so all other beings dislike pain. Live and let live. --- Mahavir Bhagwan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org