Mandrake currently has something similar to this. Its a very very nice feature. It
will poll mirrors close to you for updates, and you can install them right from the
list that pops up. It reminds me a bit of WindowsUpdate, minus the rebooting :)
Although I haven't messed with Mandrake all that much so I can't vouch for all its
pros/cons.
-Riyad
Benno Senoner wrote:
> Hi,
> recently I came across the hackpcweek.com issue,
> and the did not apply the crond exploit fix, since they
> "only install shipping software", and were not willing to install
> 21 different fixes ( from the redhat errata).
> But they installed Service Pack5 on NT, since it was one single file to install.
> Their reason of not installing the 21 RH updates, was that in a big enterprise,
> installing 21 on hundred of machines becomes unmanageable.
> I agree with this and RH should provide an idiot-proof method to keep
> your box to the cutting-edge security status.
>
> The ideal would be to have a little client on every RH distro shipped which ie
> polls the REDHAT's central webserver (or maybe a custom server, the protocol
> doesn't matter here), and retrieves information about which rpms have to be
> updated, with flags describing the security urgency.
>
> At this point the client compares the versions of the local installed packages,
> and detects the ones which have to be updated.
> Then you could choose to let the client send email to the sysadmin,
> containing the rpms he has to update,
> and in the case of a large enterprises (or joe average home user) the admin
> could choose an "AUTOMATIC MODE" , where the client does the download and
> upgrading of the rpms.
> It would be useful to specify the behaviour of the updating-client,
> ( manual mode (email notification) / automatic mode (automatic upgrading +
> notification) at install time, to allow unexpecienced people to set it as
> default.
> Of course some critical packages, like kernel upgrades require the machine to
> be rebooted in order activate the changes.
> In this case the "upgrading-wizard" should interactively ask the user what to do
> (and warn about potential problems etc.)
>
> The upgrading client should as default only upgrade packages which do have
> security-related problems, to keep the network load of ftp-servers low.
> Non security-related updates could still be announced interactively by
> rhe client or sent to the local admin.
>
> Such a solution would save TONS and TONS of troubles,
> and even the dumb PCWEEK people could not cheat ,by not installing the
> latest security fixes.
>
> Consider the fact that Linux has a big advantage over Windoze in terms of
> upgrading on the fly because of most things you haven't to reboot.
> That means if there are only minor upgrades like the crond update,
> you can do this without reboot.
> ( try to install SP5 on NT without rebooting .... :-) )
>
> comments ?
>
> PS: I heard that RH 6.1 will have some upgrading features over the internet,
> could someone tell us more about this ?
>
> regards,
> Benno.
>
> --
> To unsubscribe:
> mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
--
[ Riyad Kalla ]
[ [EMAIL PROTECTED] ]
[ CS Major ]
[ University of Arizona ]
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
