On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Peña wrote:
> On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote:
> > On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote:
> > > You can trigger the update via ssh or wget.
> >
> > The entire scheme strikes me as reinventing a mechanism which has been
> > existing for years now, being called cron-apt.
>
> I don't believe it does. Cron-apt is a pull mechanism (download the
> latest packages, check if there are upgrades and notify the admin).
> A mail filter which parses the DSAs and tells people to update is a push
> mechanism.
>
> Notice that in the latter (push) you could have somebody review if the
> update is critical enough, or only tell systems to upgrade once the patch
> has been tested internally. That seems easier to me than, in the pull system,
> set up an intermediate mirror of security.debian.org with *approved* updates,
> have the systems update automatically and have a sysadmin move the updates
> from the official mirror over to that internal mirror based on whether the
> update is critical or not.
>
> Also, in my mind's view, a push mechanism is bound to be more effective than
> probing the security mirror daily and could also be capable of narrowing the
> time between patch release and installation (if automated) since you don't
> have to wait for a given point in time to make the check.

Perhaps freshclam's DNS-based mechanism may also be of interest as a point
of comparison? (I'm sorry I'm not able to describe it in detail off the top
of my head, but the parallel seems obvious)

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall