> I think you should be careful about automatic apt-get anyway, > because someone might be able to alter the sources.list or the dns > reolve for your server, and inject manipulated files for this...
This is a very good point, that I wanted to put to the minimalist who argued for using apt-get. debs have to be extended with signing, but your security is only as good as the ftp server you use at present, which is not ideal for a firewall. Using automatic apt-get update && apt-get upgrade, would not be wise for a critical machine. It's great for home use, but a corporate firewall... that's real balls to the wall stuff. Rob
