SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I got following updates, but these are not mentioned on Slackware security mailing list:
glibc-zoneinfo-2016j-noarch-1_slack14.2.txz
intltool-0.51.0-x86_64-3_slack14.2.txz
xfce4-weather-plugin-0.8.8-x86_64-1_slack14.2.txz
I did find some of them on launchpad.net, but not on official web sites. Is this some usual thing, to have updates without official notice, and how can I make sure that there isn't someone messing up with mirror I use, if I can't rely on official announcements to be complete?
Not every update to a Slackware stable release is a security update per se. It's usually a security update, but the cases you mention are not.
The glibc-zoneinfo, intltool and xfce4-weather-plugin updates were courtesy updates.
From what I have seen and known, patches announcement is different depending on the distro. I know, that for openSUSE, I only receive email notifications about security fixes, not so about any other patch that is posted. I suppose it would also depend of whom is responsible for the patches. Is it an official Slackware repository (Sorry I am not using Slackware myself) or is it a third party one. If it is a third party one, there might be a different website or place to get release notes and update information from.
Regarding checking them: First of all, you can and certainly should check, if they are signed by a valid key and if the Checksum is what it should be. If you still have reasonable doubt, I suppose you could check back with Slackware themselves or their community, to have it verified this way.
There are some very experienced Slackware users around here, you will probably get some additional input as well.
Thanks for answers, tips and welcome. I always assumed that stable release updates are security ones, so these got me a bit confused. Especially because I couldn't find them on official sites. I'm not so new with Slackware (IIRC, my first install was 0.99r14 in 1994.), but I think I have never, until 14.2, tried to update the running system. My cycle for most Slackware releases was: new Slack yay, install and ... forget. Usually followed by partition removal to make space for more Windows garbage.
Now, yes, ChangeLog.txt. One that I saw mentioned already in posts, but managed to forget about it.
... how can I make sure that there isn't someone messing up with mirror I use ...
So much talk, but no real answer ...
Code:
bash $ gpg --verify patches/packages/xfce4-weather-plugin-0.8.8-i486-1_slack14.0.txz.asc
gpg: assuming signed data in `patches/packages/xfce4-weather-plugin-0.8.8-i486-1_slack14.0.txz'
gpg: Signature made 2016-12-24T08:38:34 ICT using DSA key ID 40102233
gpg: Good signature from "Slackware Linux Project <security@slackware.com>"
Code:
bash $ gpg --verify patches/CHECKSUMS.md5.asc
gpg: assuming signed data in `patches/CHECKSUMS.md5'
gpg: Signature made 2016-12-29T04:06:54 ICT using DSA key ID 40102233
gpg: Good signature from "Slackware Linux Project <security@slackware.com>"
bash $ cd patches/ ; tail +13 CHECKSUMS.md5 | md5sum -c
The ".asc" files are there for a reason.
Happy New Year, Pat!! And Thank You!!
Last edited by MadMaverick9; 01-02-2017 at 01:12 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.