slackware-security ML is being incomplete
It's happening more and more often, lately, that the slackware-security mailing list fails to announce some of the package updates. I find out when I give `slackpkg upgrade-all` and unexpected packages appear in the list (for example, today it's `pkg-config`: updated, not announced).
So, being paranoid, I go and check the Changelog to see if the package has indeed been updated, or if something fishy is going on within my preferred mirror. I wonder if I should give up on the mailing list and check the Changelog directly... How does everyone keep up with the latest security news for Slackware?
pkg-config update was likely not security related, but yes, just keep an eye on the changelog instead. I've never subscribed to the ML.
First, I don't know for sure, but I expect that the slackware-security mailing list only mentions updates that are 'security-related' (for all I know, it might even require a CVE id). I rely on it to tell me that there is a security issue that has been patched.
But when something is patched, it doesn't mean that it is patched for a security bug. As slackpkg doesn't have an "upgrade-security" option, "upgrade-all" will pick up all that's been patched. Checking ChangeLog.txt is always appropriate, but I don't see an issue with waiting for the mailing list, to tell me I "should" update. In the example you give, the ChangeLog.txt says:
```
patches/packages/pkg-config-0.29.2-x86_64-1_slack14.2.txz: Upgraded.
```
pkg-config-0.29.2 is needed to build the latest version of filezilla in SBo, so I asked Patrick after investigating whether the new version is safe to be included in -stable or not. It's purely bug fixes, so it wasn't listed in the slackware-security mailing list.
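An added example, not written by anyone in the thread: a filter that splits ChangeLog.txt entries into security fixes and ordinary updates, which is the distinction discussed above. It assumes Slackware's convention of marking security entries with a `(* Security fix *)` line; the sample input is constructed around the pkg-config line quoted above, and `examplepkg`, the dates and the function names are hypothetical.

```shell
#!/bin/sh
# Label each package entry in a Slackware ChangeLog.txt as SECURITY or other.
# Assumption: security entries contain a "(* Security fix *)" line and
# entries are separated by "+-----...-----+" rules.

classify_changelog() {
    awk '
        function emit(   label) {
            if (pkg != "") {
                label = sec ? "SECURITY" : "other"
                print label " " pkg
            }
            pkg = ""; sec = 0
        }
        # Package lines start in column 0 with a path ending in .txz/.tgz
        /^[a-z][^ ]*\.t[gx]z:/ {
            emit()
            pkg = $1
            sub(/:$/, "", pkg)       # drop the trailing colon
            sub(/^.*\//, "", pkg)    # keep only the file name
        }
        /\(\* Security fix \*\)/ { sec = 1 }
        /^\+-+\+$/ { emit() }        # separator closes the current entry
        END { emit() }
    '
}

# Constructed sample input (not copied from a real ChangeLog.txt), newest first.
sample_changelog() {
    cat <<'EOF'
Mon Jan  2 00:00:00 UTC 2017
patches/packages/pkg-config-0.29.2-x86_64-1_slack14.2.txz:  Upgraded.
+--------------------------+
Sun Jan  1 00:00:00 UTC 2017
patches/packages/examplepkg-1.0-x86_64-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue (constructed text).
  (* Security fix *)
+--------------------------+
EOF
}

# Demo run; on a real system use: classify_changelog < ChangeLog.txt
sample_changelog | classify_changelog
```

Entries reported as `other` are the ones `slackpkg upgrade-all` will offer without a matching slackware-security announcement.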