[H-GEN] security update mailing lists?

[Troy Piggins]

* Ted Percival <ted at midg3t.net> :
> 
> Russell Stuart wrote:
> > On 13/07/2006 4:21 PM, Troy Piggins wrote:
> >> I just subscribed to a ubuntu-security-announce mailing list.  Would
> >> this be sufficient or are there better?
> >
> > You can take it further.  You can write a little script
> > run nightly from cron that downloads but doesn't install
> > any updated packages and emails the you the change logs.
> > You can then install or ignore them as you see fit.  By
> > doing that you have created  your own personalised
> > mailing list that only emails vulnerabilities that effect
> > your system.
> > 
> > This url describes the tools you need to do this:
> >   http://www.debian.org/doc/manuals/apt-howto/
> > Note in particular the apt-listchanges.
> > 
> > There is nothing particularly novel about what I have
> > described here, so I expect someone has already done it.
> > If so I can't find it.  This package comes close, but
> > doesn't appear to do the downloads:
> > 
> >   http://www.steve.org.uk/Software/debian-updates/
> 
> Take a look at the 'cron-apt' package. I have it configured to download
> all the available updates daily and email me when there are some
> available. It wouldn't be difficult to tell it to only do this for
> security repositories (you can point it at a different sources.list).
> 
> Then I simply run the upgrade/dist-upgrade myself (I advise against
> having this done automatically, too).
> 
> I also use apt-listchanges to notify me of changes to packages' NEWS
> files, and often browse the changelogs of interesting packages after
> they have been upgraded.
> 
> Distro-specific security mailing lists can be useful, too, especially if
> you admin a lot of machines.

Cheers.  Will look into Russell's and your recommended methods.

-- 
Troy Piggins
  ,-o   Ubuntu v6.06 (Dapper Drake): kernel 2.6.15-25-server, 
 o   )  postfix 2.2.10, procmail 3.22, mutt 1.5.11i,
  `-o   slrn 0.9.8.1/rt (score_color patch), vim 7.0