[wplug] Security Updates

Brian A. Seklecki lavalamp at spiritual-machines.org
Wed Aug 9 20:15:15 EDT 2006


On Thu, 2006-08-03 at 18:53, Brandon Kuczenski wrote:
> Is there a Linux product that keeps track of (and notifies the
> administrator of) known security vulnerabilities in installed software? 
> I'm thinking of something like portaudit for FreeBSD.

Yea up2date and the like.  But there's a greater fundamental issue here:

Most Linux distributions are composed of a certain *major* version of an
app.  That's what makes Mandriva 2006 (ex.) what it is.  You're just not
getting a 1.5.x Firefox RPM from Mandriva >:}.

They will only push out RPM updates via "update collections/sources" to
their respective package management system for *minor* updates
(sometimes vendor-maintained patch-levels) for *critical* security
updates.

And even then, it can take them weeks/months to do, if ever, unless
you're paying for service.  The serious problems with Linux security
frequently originate from distribution vendors who don't want to
backport important security fixes into update RPMs.  So you're left
installing 3rd party RPMs that can't be checked against XML services.

~BAS



> 
> -Brandon
> 