[H-GEN] security update mailing lists?

Ted Percival ted at midg3t.net
Thu Jul 13 03:42:57 EDT 2006


Inline responses way below.

Russell Stuart wrote:
> On 13/07/2006 4:21 PM, Troy Piggins wrote:
>> I just subscribed to a ubuntu-security-announce mailing list.  Would
>> this be sufficient or are there better?
>
> You can take it further.  You can write a little script
> run nightly from cron that downloads but doesn't install
> any updated packages and emails the you the change logs.
> You can then install or ignore them as you see fit.  By
> doing that you have created  your own personalised
> mailing list that only emails vulnerabilities that effect
> your system.
> 
> This url describes the tools you need to do this:
>   http://www.debian.org/doc/manuals/apt-howto/
> Note in particular the apt-listchanges.
> 
> There is nothing particularly novel about what I have
> described here, so I expect someone has already done it.
> If so I can't find it.  This package comes close, but
> doesn't appear to do the downloads:
> 
>   http://www.steve.org.uk/Software/debian-updates/

Take a look at the 'cron-apt' package. I have it configured to download
all the available updates daily and email me when there are some
available. It wouldn't be difficult to tell it to only do this for
security repositories (you can point it at a different sources.list).

Then I simply run the upgrade/dist-upgrade myself (I advise against
having this done automatically, too).

I also use apt-listchanges to notify me of changes to packages' NEWS
files, and often browse the changelogs of interesting packages after
they have been upgraded.

Distro-specific security mailing lists can be useful, too, especially if
you admin a lot of machines.

Enjoy :)

-Ted




More information about the General mailing list