Am I overlooking a native way to update vulnerable packages only if they are already installed? There's no option to set a package to 'latest' only if installed. OnlyIf and Unless don't operate on package resources. (Yum/CentOS but I imagine the issue is the same for all platforms)
No, running a "yum upgrade all" is not plausible. Maintaining a list of packages which should be upgraded is plausible and expected. The obvious thing seems to be creating a ruby fact that loads all packages into facts and then doing the logic based around that, but Luke and others have expressed concerns over doing this in the past. Is there a better way?

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness