LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 12-17-2011, 12:27 PM   #1
marnold
Member
 
Registered: Dec 2005
Distribution: Slackware64 14.1
Posts: 258

Rep: Reputation: 32
Security List Updates


Is there a reason why there hasn't been any new posts to the security list in two months? According to the changelog there was security updates to bind and Firefox, among others.
 
Old 12-17-2011, 10:19 PM   #2
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351Reputation: 351Reputation: 351Reputation: 351
Hm, interesting. I hadn't actually noticed, but you're right, it's been quite some time since a security update has hit my inbox.
 
Old 12-18-2011, 12:20 AM   #3
cfdisk
Member
 
Registered: May 2011
Location: Philadelphia, PA
Distribution: Slackware 13.37
Posts: 89

Rep: Reputation: 16
FYI
Slackware Updates Seem to be Very QUIET
 
Old 12-18-2011, 01:24 AM   #4
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,456

Rep: Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886
Personally speaking, I use the changelog for security warnings, and for the 99.99% of them it's all I need.

For the gory details either:
- I'll just wait until Pat finds time, between all the other things he does on slackware, to write something about it;
- if I crave them for any particular reason, I'll google them myself (after looking on the vendor site).

Last edited by ponce; 12-18-2011 at 01:33 AM.
 
Old 12-18-2011, 05:59 AM   #5
hegobald
LQ Newbie
 
Registered: Aug 2002
Location: Skåne
Distribution: *Bsd,Slackware
Posts: 24

Rep: Reputation: 0
No mail for me either, last one I got was 15 October.
Is something wrong with list?
 
Old 12-18-2011, 06:11 AM   #6
ottavio
Member
 
Registered: Nov 2007
Posts: 312

Rep: Reputation: 46
If you care about security you can unplug your network cable. Goodbye!
 
Old 12-18-2011, 06:23 AM   #7
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Rep: Reputation: 82
Quote:
Personally speaking, I use the changelog for security warnings, and for the 99.99% of them it's all I need.
So do I. The mailing list seems an unreliable resource if you really want to stay informed. I think it is a shame, but I can live with it.

In order to keep the official components up to date, I watch the changelog daily. I use to keep an eye on PacketStorm and the National Vulnerability Database in order to know about weakness in third party software (SlackBuilds, self compiled stuff ) or defects that affect Slackware but remain not patched.

>Slackware changelog for 13.37:
ftp://ftp.osuosl.org/pub/slackware/s.../ChangeLog.txt

>Packet Storm (has some interesting RSS feeds):
http://packetstormsecurity.org/

>National Vulnerabilities Database (it has more RSS, it depends on the USA government):
http://web.nvd.nist.gov/view/vuln/search

Last edited by BlackRider; 12-18-2011 at 06:25 AM.
 
Old 12-18-2011, 09:06 AM   #8
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351Reputation: 351Reputation: 351Reputation: 351
Quote:
Originally Posted by cfdisk View Post
That's not the question. The OP is asking why the security mailing list hasn't been notified of updated packages which have already been pushed out.
 
Old 12-18-2011, 11:29 AM   #9
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,190

Rep: Reputation: 547Reputation: 547Reputation: 547Reputation: 547Reputation: 547Reputation: 547
Quote:
Originally Posted by ponce View Post
Personally speaking, I use the changelog for security warnings, and for the 99.99% of them it's all I need.
Yep. Going to the Slackware-current and Slackware-stable changelogs is a daily, very pleasant ritual.
Praise Bob.
 
Old 12-19-2011, 01:20 PM   #10
CoffeeKing!!!
Member
 
Registered: Mar 2008
Posts: 117

Rep: Reputation: Disabled
So the Slackware Security Adivsories page and the changelog are not in sync? I had been using the advisories page and the email list to get updates - they are both listed on slackware.com as ways to keep up to date.

Last edited by CoffeeKing!!!; 12-19-2011 at 01:45 PM.
 
Old 12-19-2011, 01:59 PM   #11
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 534Reputation: 534Reputation: 534Reputation: 534Reputation: 534Reputation: 534
I run a cron job script weekly to check the change logs at one of the Slackware mirrors. If there is a change then the script automatically schedules my system to sync my local files during the night. The next day I receive a system email and I perform manual updates as needed.

Works well enough for me, but for many years I have subscribed to the security mail list notifications. The last notice I received was dated October 14, 2011. There have been many updates in that period.

Slackers tend to find ways to adapt, but many people likely depend on the service to keep track of security changes.

Perhaps the changes noted in the change logs since October 14 have not been security related, but that is not the case. For example, the changes in 13.1 for Nov. 27 specifically declare the updates as security related.

Is that notification service no longer active?
 
Old 12-19-2011, 02:04 PM   #12
JimBrewster
Member
 
Registered: Feb 2010
Location: usa:/dev/random
Distribution: Slackware, Salix
Posts: 237

Rep: Reputation: 59
Quote:
Originally Posted by CoffeeKing!!! View Post
So the Slackware Security Adivsories page and the changelog are not in sync? I had been using the advisories page and the email list to get updates - they are both listed on slackware.com as ways to keep up to date.
Yes it would appear the security page is not keeping up with the changelog.

I just run 'slackpkg update' every few days, and if there are any changes 'slackpkg upgrade-all' will get me up to date.
 
Old 12-19-2011, 08:26 PM   #13
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351Reputation: 351Reputation: 351Reputation: 351
Quote:
Originally Posted by Woodsman View Post
Slackers tend to find ways to adapt, but many people likely depend on the service to keep track of security changes.
Yes, the fact that the security advisories page/service isn't updating is a pretty serious issue. There are obviously ways around this as explained in the topic, but that doesn't change the fact that many people rely on this service and it isn't currently working.

Has anyone contacted Pat about the issue?
 
Old 12-19-2011, 10:33 PM   #14
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 534Reputation: 534Reputation: 534Reputation: 534Reputation: 534Reputation: 534
Quote:
Has anyone contacted Pat about the issue?
Done.
 
Old 12-20-2011, 07:30 PM   #15
marnold
Member
 
Registered: Dec 2005
Distribution: Slackware64 14.1
Posts: 258

Original Poster
Rep: Reputation: 32
Well, I just pulled down the updates from my favorite mirror so I should be up to date. I just get jumpy when it's stuff like Firefox, SSH, et al.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How do I get the updates and security updates wenall Debian 3 07-10-2011 04:17 PM
what does @updates mean in yum list? rtaft Linux - Software 3 05-04-2010 02:00 PM
Whats the security updates now for the sources.list for etch/Debian? steelheat Linux - Newbie 7 12-15-2007 06:45 PM
urpmi list.Updates zaphod_es Linux - Software 18 10-20-2003 02:48 PM
urpmi list.updates missing zaphod_es Mandriva 7 09-20-2003 04:13 PM


All times are GMT -5. The time now is 01:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration