Hi!
Hi there, I have a suggestion for you security guys that could make life a lot easier for a lot of us out here, and at the same time really make the SuSE security update feature shine compared to the other Linux distributions.
Thank you for the contribution. Please allow me to comment on your suggestions.
I have noticed that since 24/9-00 six updates to SuSE 7.0 have been posted on your security site. At this rate it could turn out to be a very time-consuming job having to update Linux all the time.
It is! Even more problematic is the outlook: We'll have to expect more of these format string parsing errors in the next few months.
To make this a much easier task, I suggest that you, on top of the usual downloadable update files, make available a gzip file containing all the updates relevant to your latest distribution (7.0 at this moment).
Well...

$ du -ks update/7.0
170819 7.0
$

I'm not sure that you really want that... It's just not practicable.
Every time a new update is posted you also post a new gzip file that includes all earlier updates AND the new one. This file could be called SU1, SU2... SUn. (SU = Security Update).
The gzip file should, besides the .rpm files, include a shell script that could automate all the updates. The script could maybe do something like this:
for (first_update to last_update present in the gzip file) do
{
  if (module or program that the update relates to is installed on the target system)
  {
    do_update = false
    if (this update is older than the one installed)
      do_update = ask_user_if_ok_to_update ()
    else if (module has not been updated)
    {
      if (running update will overwrite config file(s) that the user/system may have edited)
      {
        if (do_update = ask_user_if_ok_to_update ())
          make copy (.bak) of config file(s)
      }
    }
    if (do_update)
      run the rpm update
  }
  else
    do_nothing
}
A solution like this exists already. One of the replies to your mail contains a hint to it.
A procedure like this could really make a difference. Updating could now be almost totally automated, and if SuSE would post an e-mail to this forum when a new update is released, I'm sure a lot of SuSE installations would be updated much more frequently than is the case today. I for one would update our systems a lot more frequently.
No question...
Let's also say that you put a subject string like "Announce: SuSE security update SU05 is released ...." in the e-mail, and in the message body a link to the newest update file. Users could then make a filter in their e-mail client that would redirect all mail coming from SuSE containing this subject string to a high priority mailbox. When the user opens the mail, he just clicks on the link and this baby would rock'n'roll.
Of course I could write the script myself, but that would not make the downloading easier at all, and here I see an opportunity for SuSE, with very little effort, to really make things much more "user friendly".
We're working on that, of course. One of the features for the future is that our packages will be gpg-signed. Without this feature we would never be able to offer something like an automatic or semi-automatic update mechanism. It just knocks out the concept of security in general...
Thanks in advance
Bo Jacobsen
bjc@image.dk
Thanks,
Roman.
--
- -
| Roman Drahtmüller
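
The update loop proposed in the quoted message, gated on the package signature check that the reply names as its prerequisite, as an added example that is not part of the original thread and not SuSE's tooling. It assumes the vendor's public key is already imported for rpm and that the updates sit in one directory passed as the argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: signature-gated batch update of a directory of RPMs.
# Function names and the directory argument are assumptions for illustration.

# True only when rpm reports a verified signature. "rpm -K" also says OK
# for an unsigned package whose digests match, so a lowercase signature
# token is required (rpm prints failed or unverifiable checks in capitals).
sig_ok() {
    out=$(rpm -K "$1" 2>/dev/null) || return 1
    out=${out#"$1":}                 # drop the file name prefix
    case "$out" in
        *"NOT OK"*) return 1 ;;
        *pgp*|*gpg*|*signatures*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the action for one package file.
decide() {
    sig_ok "$1" || { echo skip-unverified; return 0; }
    name=$(rpm -qp --qf '%{NAME}' "$1" 2>/dev/null) || { echo skip-unreadable; return 0; }
    rpm -q "$name" >/dev/null 2>&1 || { echo skip-not-installed; return 0; }
    echo freshen
}

# Copy the installed package's config files to .bak, then freshen.
# "rpm -F" upgrades only packages that are installed in an older version.
apply_update() {
    name=$(rpm -qp --qf '%{NAME}' "$1") || return 1
    rpm -qc "$name" | while read -r cfg; do
        [ -f "$cfg" ] && cp -p "$cfg" "$cfg.bak"
    done
    rpm -Fvh "$1"
}

main() {
    for pkg in "$1"/*.rpm; do
        [ -e "$pkg" ] || continue
        action=$(decide "$pkg")
        echo "$pkg: $action"
        [ "$action" = freshen ] && apply_update "$pkg"
    done
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Unsigned or tampered files are reported and left alone rather than installed, so a swapped file on a mirror cannot ride along with an unattended run.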