Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

On Fri, 2003-09-19 at 01:19, Anne Wilson wrote:
> ...> >Why is it I detect a sense of wry sarcasm in that last word. 
> > > *grin*
> >
> > Ummm... no sarcasm here... honest.  =)
> >
> > Seriously, tho, I sometimes think this list is full of experts,
> > then other times I think all the newbies on the newbie list hang
> > out here just to question the minority experts, but that could just
> > be me.  =)
> >
> > Either way is fine and I'm happy to hang out with the
> > experts/newbies alike.
> 
> I suspect that the noise/signal ratio on the newbie list puts some 
> people off.
> 
> Anne

:g/newbie/s//expert/g
We've had some pretty bad s/n problems here, remember when Todd had to
get mean? :-)

As I've said before, there shouldn't be multiple lists with
self-selecting categories of newbie and expert. One list to rule them
all, with an iron-fisted moderator, mu-whahahah! And... sympa sucks!

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Anne Wilson]

On Friday 19 Sep 2003 3:43 am, Vincent Danen wrote:
> On Thu Sep 18, 2003 at 07:29:36PM -0700, James Sparenberg wrote:
> > > > Thanks from here too for the hard work you do Vincent. Tuning
> > > > in to the list on top of security updates is over and above
> > > > the call of duty :-)
> > >
> > > =)  Unfortunately, there's no one else active on the expert
> > > list.. the developers are (understandably) taken up on the
> > > cooker list, so someone has to hang out here with the
> > > experts... =)
> >
> > Vincent,
> >
> >Why is it I detect a sense of wry sarcasm in that last word. 
> > *grin*
>
> Ummm... no sarcasm here... honest.  =)
>
> Seriously, tho, I sometimes think this list is full of experts,
> then other times I think all the newbies on the newbie list hang
> out here just to question the minority experts, but that could just
> be me.  =)
>
> Either way is fine and I'm happy to hang out with the
> experts/newbies alike.

I suspect that the noise/signal ratio on the newbie list puts some 
people off.

Anne
-- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Thu Sep 18, 2003 at 07:29:36PM -0700, James Sparenberg wrote:

> > > Thanks from here too for the hard work you do Vincent. Tuning in to the
> > > list on top of security updates is over and above the call of duty :-)
> > 
> > =)  Unfortunately, there's no one else active on the expert list.. the
> > developers are (understandably) taken up on the cooker list, so someone has
> > to hang out here with the experts... =)
> 
> Vincent,
> 
>Why is it I detect a sense of wry sarcasm in that last word.  *grin*

Ummm... no sarcasm here... honest.  =)

Seriously, tho, I sometimes think this list is full of experts, then other
times I think all the newbies on the newbie list hang out here just to
question the minority experts, but that could just be me.  =)

Either way is fine and I'm happy to hang out with the experts/newbies alike.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Thu, 2003-09-18 at 12:39, Vincent Danen wrote:
> On Wed Sep 17, 2003 at 09:41:34PM -0700, Jack Coates wrote:
> 
> > > > > Let's try path #3.  Get someone competent so Vincent doesn't have to
> > > > > re-train multiple people (thus wasting enormous amounts of time).
> > > >  
> > > > Let's try path #4. Go to Scotland and get Vincent cloned. You don't have
> > > > to name him "Dolly #3", really! And pls. let's not get into that
> > > > geek/sheep thing!
> > > 
> > > Ummm... let's not.  I really don't think the world needs two of me... =)
> > > 
> > > > I appreciate Vincent's work and whenever there's a way to help, Vincent,
> > > > you know where to find me.
> > > 
> > > Thanks, Wolfgang.  The sentiments are appreciated.
> > 
> > Thanks from here too for the hard work you do Vincent. Tuning in to the
> > list on top of security updates is over and above the call of duty :-)
> 
> =)  Unfortunately, there's no one else active on the expert list.. the
> developers are (understandably) taken up on the cooker list, so someone has
> to hang out here with the experts... =)

Vincent,

   Why is it I detect a sense of wry sarcasm in that last word.  *grin*

James



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Thu Sep 18, 2003 at 09:49:47AM +0100, Anne Wilson wrote:

> > > >With all that in mind, I think this one-man operation is pretty
> > > > damn speedy.
> > >
> > > absolutely, but... let's step into the managerial mind for a
> > > little while:
> >
> > Well, let's put this properly.  Vincent doesn't *need* help. 
> > Vincent would like help.  Vincent's wife would like help.  But
> > Vincent is a trooper and can do the job he is paid to do, no
> > question.
> >
> But if Vincent doesn't 'get a life' he will burn out.

Bah.  I hang out with my wife and kid occassionally, do my own thing every
once in a while, and generally have a good time.  The benefit to you guys is
that I love my job and have fun (most of the time) doing what I do... so the
extra time involved ends up being enjoyable for me.

Honestly, over the last three years I've taken perhaps a month, in total, of
vacation time.  I don't feel in the least burnt out.  A little tired some
days (the joys of having a two-year old child and shiznitz like this openssh
business), but on the whole... not a big deal at all.

> > > User complaints help steer things to path 2.
> >
> > Let's try path #3.  Get someone competent so Vincent doesn't have
> > to re-train multiple people (thus wasting enormous amounts of
> > time).
> 
> Absolutely the preferred option.  But would customer complaints help 
> here?  Having been a manager short of cash, I think they would only 
> annoy.  Now when things start to look better, that might be the time 
> to signal our preferences.

You're probably right.  I think, at this point, complaints will do nothing.
More folks need to put their money where their mouth is, get on board, do
the right thing to ensure their OS of choice sticks around, and when the
cash starts to surplus a little more, then I think you have an honest
argument to say "listen, we did what we had to do to keep you guys around,
now you do what you have to do to keep us around".  That's the way things
work.

> Meanwhile, Vincent, you do a great job

Thanks!

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 09:41:34PM -0700, Jack Coates wrote:

> > > > Let's try path #3.  Get someone competent so Vincent doesn't have to
> > > > re-train multiple people (thus wasting enormous amounts of time).
> > >  
> > > Let's try path #4. Go to Scotland and get Vincent cloned. You don't have
> > > to name him "Dolly #3", really! And pls. let's not get into that
> > > geek/sheep thing!
> > 
> > Ummm... let's not.  I really don't think the world needs two of me... =)
> > 
> > > I appreciate Vincent's work and whenever there's a way to help, Vincent,
> > > you know where to find me.
> > 
> > Thanks, Wolfgang.  The sentiments are appreciated.
> 
> Thanks from here too for the hard work you do Vincent. Tuning in to the
> list on top of security updates is over and above the call of duty :-)

=)  Unfortunately, there's no one else active on the expert list.. the
developers are (understandably) taken up on the cooker list, so someone has
to hang out here with the experts... =)

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

Mike Rambo wrote:

On Thu, 2003-09-18 at 11:13, Jack Coates wrote:

Red Hat definitely sucks pretty bad. I've been having to do a lot of
work with 6.2 and 7.3 lately, building test environments to recreate
customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout
broken in 6.2 (way out of support window, tell that to the thousands of
customers still using it), and on 7.3 I've actually been installing
Ximian's Red Carpet to get something that can do dependencies worth a
damn.


While I can't argue that RedHat's own update method stinks I would point
out that there are alternatives (albeit inconvenient at least initially
since you need to add them manually). The k12ltsp distro is a pure
RedHat du jour with certain package enhancements (mostly added packages
though a couple of them like dhcpd are just modified) and includes both
yum and apt-get. There are repositories with official redhat packages
for both update managers. Personally, I have found either one at least
as easy to use as urpmi. We use K12os or Yellowdog on all our servers
depending upon platform (x86, PPC). I'm a Mandrake user on my
workstation and have been since 7.1.
Installed apt-get with the tuxfamily sources. It doesn't have three 
quarters of the software I tried to install with it, and those it does 
have it says it can't install. Rather than take time to figure out 
what's wrong with it, I'll just rebuild this box with Mandrake 9.2 when 
it comes out.

--
Jack Coates
Monkeynoodle.Org: Integrating Value, Simians, and Pasta Since 1996.

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Mike Rambo]

On Thu, 2003-09-18 at 11:13, Jack Coates wrote:
> 
> Red Hat definitely sucks pretty bad. I've been having to do a lot of
> work with 6.2 and 7.3 lately, building test environments to recreate
> customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout
> broken in 6.2 (way out of support window, tell that to the thousands of
> customers still using it), and on 7.3 I've actually been installing
> Ximian's Red Carpet to get something that can do dependencies worth a
> damn.
> 

While I can't argue that RedHat's own update method stinks I would point
out that there are alternatives (albeit inconvenient at least initially
since you need to add them manually). The k12ltsp distro is a pure
RedHat du jour with certain package enhancements (mostly added packages
though a couple of them like dhcpd are just modified) and includes both
yum and apt-get. There are repositories with official redhat packages
for both update managers. Personally, I have found either one at least
as easy to use as urpmi. We use K12os or Yellowdog on all our servers
depending upon platform (x86, PPC). I'm a Mandrake user on my
workstation and have been since 7.1.

I know that the yum package is available for rh7.3 too (thought apt-get
was but I can't find it). On rh6.2 you're probably out of luck as that's
pretty old and I'm not aware of too many aside from Debian who were
running a 'urpmi' type package manager back then.

ftp://k12linux.mesd.k12.or.us/pub/yum/

Actually, as I look at it, if you add the following site to yum.conf
(following the pattern already established in the file) it looks like
you can 'yum update' all the way back to 6.2 - didn't know that.

http://ayo.freshrpms.net/redhat/8.0/i386/ ... [os,updates]

I don't know 'how up to date' the 6.2 updates would be though as RH is
almost certainly not doing them anymore.

You seem to expect a lot out of them with regard to the updates. Does
anyone keep updates for a distro that far back? It would appear Mandrake
doesn't go back beyond 8.2 for current updates.


-- 
Mike Rambo
[EMAIL PROTECTED]

NOTE: In order to control energy costs the light at the end 
of the tunnel has been shut off until further notice...


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Thu, 2003-09-18 at 08:13, Jack Coates wrote:
> On Thu, 2003-09-18 at 02:02, James Sparenberg wrote:
> > On Wed, 2003-09-17 at 12:43, Jack Coates wrote:
> > > Steffen Barszus wrote:
> > > 
> > > > Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen:
> > > > 
> > > > 
> > > >>Problem is people don't take security seriously, so they don't sign
> > > >>up for the list.  There isn't much we can do to combat that... in the
> > > >>same way, they may skip those messages we put on every single list
> > > >>and then what?
> > > > 
> > > > 
> > > > Yep agree. It would be a horror to spam the lists !!!Getting it four 
> > > > times with an interest in security even five times ? No way. I inform 
> > > > me on what i'm interested in. running urpmi update in cron and looking 
> > > > sometimes on mandrakesecure should be enough. Even on servers. 
> > > > 
> > > > Steffen
> > > 
> > > I'm on Bugtraq -- I get the alert once from mandrakesecure, once from 
> > > Mandrake's message to bugtraq, and once from every other Linux 
> > > distributor out there, in addition to the original discovery argument.
> > > 
> > > Mandrake is typically pretty slow about updates compared to RH and 
> > > Gentoo, but hopefully that'll change if/when they hire Vincent some 
> > > minions :-)
> > 
> > Dunno here Jack.  MDK and SuSE are ssh patched.  RH is still 6 versions
> > behind in the last (a while back too) update for anything but 9.  I have
> > noticed that for every 5 or 6 notices I get from RH I get 1 from either
> > SuSE or Mandrake.  Lotta times, it's just bug fixes for things like
> > compiling kernels (think 8.0 and 7.0) So I'm not sure if RH patches
> > faster or has more bugs to fix. *grin*
> > 
> > James
> >  
> 
> Red Hat definitely sucks pretty bad. I've been having to do a lot of
> work with 6.2 and 7.3 lately, building test environments to recreate
> customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout
> broken in 6.2 (way out of support window, tell that to the thousands of
> customers still using it), and on 7.3 I've actually been installing
> Ximian's Red Carpet to get something that can do dependencies worth a
> damn.

If you want to get industrious you could "create" a urpmi for Redhat. 
Perl URPM libraries + urpmi + genhdlist... *grin*

James



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

On Thu, 2003-09-18 at 02:02, James Sparenberg wrote:
> On Wed, 2003-09-17 at 12:43, Jack Coates wrote:
> > Steffen Barszus wrote:
> > 
> > > Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen:
> > > 
> > > 
> > >>Problem is people don't take security seriously, so they don't sign
> > >>up for the list.  There isn't much we can do to combat that... in the
> > >>same way, they may skip those messages we put on every single list
> > >>and then what?
> > > 
> > > 
> > > Yep agree. It would be a horror to spam the lists !!!Getting it four 
> > > times with an interest in security even five times ? No way. I inform 
> > > me on what i'm interested in. running urpmi update in cron and looking 
> > > sometimes on mandrakesecure should be enough. Even on servers. 
> > > 
> > > Steffen
> > 
> > I'm on Bugtraq -- I get the alert once from mandrakesecure, once from 
> > Mandrake's message to bugtraq, and once from every other Linux 
> > distributor out there, in addition to the original discovery argument.
> > 
> > Mandrake is typically pretty slow about updates compared to RH and 
> > Gentoo, but hopefully that'll change if/when they hire Vincent some 
> > minions :-)
> 
> Dunno here Jack.  MDK and SuSE are ssh patched.  RH is still 6 versions
> behind in the last (a while back too) update for anything but 9.  I have
> noticed that for every 5 or 6 notices I get from RH I get 1 from either
> SuSE or Mandrake.  Lotta times, it's just bug fixes for things like
> compiling kernels (think 8.0 and 7.0) So I'm not sure if RH patches
> faster or has more bugs to fix. *grin*
> 
> James
>  

Red Hat definitely sucks pretty bad. I've been having to do a lot of
work with 6.2 and 7.3 lately, building test environments to recreate
customer-discovered bugs in. Man, I miss urpmi. up2date is just flatout
broken in 6.2 (way out of support window, tell that to the thousands of
customers still using it), and on 7.3 I've actually been installing
Ximian's Red Carpet to get something that can do dependencies worth a
damn.

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Wed, 2003-09-17 at 21:39, Jack Coates wrote:
> On Wed, 2003-09-17 at 16:14, Vincent Danen wrote:
> ...
> > > path 1: Ignore the situation until Vincent flames out, then hire some 
> > > starry-eyed outsider who thinks he can fix everything.
> > 
> > /me shudders
> > 
> > > path 2: When the money starts coming in again, hire some college kids to 
> > > help out. Rinse and repeat until a couple of them stick on.
> > 
> > /me shudders again
> > 
> > > User complaints help steer things to path 2.
> > 
> > Let's try path #3.  Get someone competent so Vincent doesn't have to
> > re-train multiple people (thus wasting enormous amounts of time).
> 
> It's certainly true that competent people cost a lot less than they did
> last year; dang near cheap as college kids now. I think I'd better stop
> typing before I rhapsodize too much about how well the economy is
> recovering.

Jack,

   Little in 2000 did any of us realize that when Brush said that the
economy was headed for a crash, this wasn't a prediction.  It was a
promise.

James



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Wed, 2003-09-17 at 14:42, Jack Coates wrote:
> Vincent Danen wrote:
> 
> > On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote:
> ...
> 
> >>Mandrake is typically pretty slow about updates compared to RH and 
> >>Gentoo, but hopefully that'll change if/when they hire Vincent some 
> >>minions :-)
> > 
> > 
> > I think all things considered, we aren't that slow.  If you're defining slow
> > by a few hours, shame on you, if you're defining it by a few days, shame on
> > me.
> > 
> > I think we're fairly close to the other big players when it comes to the big
> > updates.
> > 
> > And, also, keep in mind that RH and SuSE both employ about a half dozen
> > security folks and, IIRC, gentoo doesn't have to worry about compiling for a
> > number of different versions.  Contrary to popular opinion, it *does* take
> > time to properly compile and test packages on each supported platform.
> > 
> > We also don't run our own server for updates so we have to wait for
> > mirroring... RH can put the packages up and announce it that minute, we have
> > to wait at least 1-2hrs before announcing or I get flooded with "you
> > announced it so where is it?" messages, just due to the mirroring process.
> > 
> > With all that in mind, I think this one-man operation is pretty damn speedy.
> > 
> 
> absolutely, but... let's step into the managerial mind for a little while: 


 it's dark in here  here..ere.ere.ere.
ere..
> 
> fact: Vincent is working really hard, doing a job that takes six people 
> at other companies. He's typically a few hours behind those other 
> companies, but the users don't complain much. Vincent says he needs help 
> when we get some money.
> 
> path 1: Ignore the situation until Vincent flames out, then hire some 
> starry-eyed outsider who thinks he can fix everything.
> 
> path 2: When the money starts coming in again, hire some college kids to 
> help out. Rinse and repeat until a couple of them stick on.
> 
> User complaints help steer things to path 2.


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Wed, 2003-09-17 at 14:17, [EMAIL PROTECTED] wrote:
> >
> > With all due respect to you all, but I don`t like the idea one bit. It
> > means
> > Mandrakesoft has a line into my taskbar which I did not ask for. Just as I
> > don`t like Microsoft working interactively with my computer, or other
> > adware/spyware calling home when I still used Windows, I wouldn`t like
> > Mandrakesoft to have a thread into any corner of my boxes. If it`s an
> > optional package,  fine I won`t use it. If it comes built in the distro I
> > will disable it, remove it or whatever it takes to avoid it. It goes
> > against
> > my sense of privacy. Maybe not to that of others, very well, but I don`t
> > like the idea.
> 
> I've been looking at many of the auto-update features for different
> distros. RedHat keeps a central database of installed packages if you use
> their up2date mechanism, and this would probably irk many users. However,
> most of the others seem to be passive updaters. I.e., they pull down a
> list of packages and compare them locally *without* sending any
> information to a central database. In any case, Mandrake's really cool
> distributed update system would likely preclude an update mechanism that
> needed a single database.
> 
> I would like to see a centralized management console for Mandrake systems.
> The designated management station could maintain a list of updates as some
> sort of server; the clients (whether local on on the LAN or 'Net) could
> then query the central server and update the local package database. This
> would be useful because it allows an operator to get an idea of a system's
> patch status without needing the machine to be online. The central server
> need not be an official site, but could be another machine on the LAN that
> you control.
> 


urpmi + mirroring software and you have it.  I run/ran actually one in
my last position.  I just used fmirror to keep in sync with one of the
MDK mirrors for each distro.  This included the hdlist.cz then I just
did an addmedia for my update server and pointed it at the box on my lan
instead of one of the mandrake mirrors.  We later set it up so that the
directory that got synced and the one that people pulled from where not
the same one.  This way I could manually run rpm -K on all the rpms to
verify sig and md5checksum before I put it on my network.  Then I'd sync
the two directories.  Remove the old version in case it was a 2nd
update, and I'd be off and running.  With urpmi.udpate -a and urpmi
-update --auto-select in a cron job the boxes would update themselves
every night.  Works well too.  If I wanted to add a local rpm to the
update list I would put it in the dir and then run genhdlist against it
and I'd have me new hdlist.cz.  I even put the cd's on the lan this way
so that if someone needed to install something all they had to do was
run urpmi and it was available.  (I would disable the CD listings and
just have networked ones.)  No need for special software just a bit of
time (one day in fact) and set it up.


James



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Wed, 2003-09-17 at 12:43, Jack Coates wrote:
> Steffen Barszus wrote:
> 
> > Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen:
> > 
> > 
> >>Problem is people don't take security seriously, so they don't sign
> >>up for the list.  There isn't much we can do to combat that... in the
> >>same way, they may skip those messages we put on every single list
> >>and then what?
> > 
> > 
> > Yep agree. It would be a horror to spam the lists !!!Getting it four 
> > times with an interest in security even five times ? No way. I inform 
> > me on what i'm interested in. running urpmi update in cron and looking 
> > sometimes on mandrakesecure should be enough. Even on servers. 
> > 
> > Steffen
> 
> I'm on Bugtraq -- I get the alert once from mandrakesecure, once from 
> Mandrake's message to bugtraq, and once from every other Linux 
> distributor out there, in addition to the original discovery argument.
> 
> Mandrake is typically pretty slow about updates compared to RH and 
> Gentoo, but hopefully that'll change if/when they hire Vincent some 
> minions :-)

Dunno here Jack.  MDK and SuSE are ssh patched.  RH is still 6 versions
behind in the last (a while back too) update for anything but 9.  I have
noticed that for every 5 or 6 notices I get from RH I get 1 from either
SuSE or Mandrake.  Lotta times, it's just bug fixes for things like
compiling kernels (think 8.0 and 7.0) So I'm not sure if RH patches
faster or has more bugs to fix. *grin*

James
 


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Wed, 2003-09-17 at 11:52, Avi Schwartz wrote:
> On Wednesday, September 17, 2003, at 01:03 PM, Vincent Danen wrote:
> 
> > On Wed Sep 17, 2003 at 08:19:45AM -0500, Avi Schwartz wrote:
> >
> >> That is another problem.  I found out about it from other
> >> distribution's security announcements then I checked MandrakeSecure 
> >> and
> >> found that they posted the information there.  They should send an
> >> announcement like this to the mailing lists.
> >
> > The only problem is that you're not subscribed to the right mailing 
> > list.
> > Subscribe to the announce list (via MandrakeSecure, the very site you 
> > were
> > on).
> >
> > Advisories go out in many forms; I can't help it if you don't pay 
> > attention
> > to one of the many:
> >
> > - [EMAIL PROTECTED]
> > - [EMAIL PROTECTED]
> > - full-disclosure ml
> > - RSS feed from MandrakeSecure
> > - MandrakeSecure website (on nearly every single page)
> > - MandrakeClub (latest advisory always on the front page)
> >
> > And no, announcements will not be going to this list or any other list 
> > other
> > than the announce list.
> >
> I appreciate the information and I just subscribed to the announce 
> list.  However, the same way I didn't know about the 
> [EMAIL PROTECTED] list I am sure there are many others that 
> are not aware of it.  If there is a bug that has a potential of 
> becoming a way to break into a computer I feel that all mailing list be 
> notified of it to minimize the potential damage.  Mandrake may have 
> many newbies (I hope you do, you need the business) which are new to 
> Linux and may need this extra help.  One nice touch SuSE has is a small 
> icon in the KDE task bar which changes color when there are updates 
> available.  Click on it and you get a menu allowing you to check for 
> updates, show the last update log or start the update process.  very 
> nice, clean and can help users keep their system safe.
> 
> Avi

Avi,

   Whereas I like the icon idea, I do want to point out one thing.  It
came from copying windows XP and we all know how much windows users pay
attention to this feature. *evile grin*  Sides it doesn't work too well
when the user doesn't have root.  Better to notify IT via e-mail.  The
user can't do much more than stare at the icon.  

james



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Anne Wilson]

On Thursday 18 Sep 2003 12:14 am, Vincent Danen wrote:
> > >With all that in mind, I think this one-man operation is pretty
> > > damn speedy.
> >
> > absolutely, but... let's step into the managerial mind for a
> > little while:
>
>
> Well, let's put this properly.  Vincent doesn't *need* help. 
> Vincent would like help.  Vincent's wife would like help.  But
> Vincent is a trooper and can do the job he is paid to do, no
> question.
>
But if Vincent doesn't 'get a life' he will burn out.

> > User complaints help steer things to path 2.
>
> Let's try path #3.  Get someone competent so Vincent doesn't have
> to re-train multiple people (thus wasting enormous amounts of
> time).

Absolutely the preferred option.  But would customer complaints help 
here?  Having been a manager short of cash, I think they would only 
annoy.  Now when things start to look better, that might be the time 
to signal our preferences.

Meanwhile, Vincent, you do a great job

Anne
-- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Eric Huff]

> Sylpheed-Claws has such a plug-in to tell me when I have mail. 
> Scared me to death the first time everything flashed.  Thought kde
> had suffered a cardiac thing.

I got a good chuckle out of your post.

> I unplugged it.  I always have new mail.

Hey, so do i  :)

-- 
Mandrake HowTo's & More:  http://twiki.mdklinuxfaq.org

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

On Wed, 2003-09-17 at 17:34, Vincent Danen wrote:
> On Thu Sep 18, 2003 at 02:01:32AM +0200, Wolfgang Bornath wrote:
> 
> > > Let's try path #3.  Get someone competent so Vincent doesn't have to
> > > re-train multiple people (thus wasting enormous amounts of time).
> >  
> > Let's try path #4. Go to Scotland and get Vincent cloned. You don't have
> > to name him "Dolly #3", really! And pls. let's not get into that
> > geek/sheep thing!
> 
> Ummm... let's not.  I really don't think the world needs two of me... =)
> 
> > I appreciate Vincent's work and whenever there's a way to help, Vincent,
> > you know where to find me.
> 
> Thanks, Wolfgang.  The sentiments are appreciated.

Thanks from here too for the hard work you do Vincent. Tuning in to the
list on top of security updates is over and above the call of duty :-)
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

On Wed, 2003-09-17 at 16:14, Vincent Danen wrote:
...
> > path 1: Ignore the situation until Vincent flames out, then hire some 
> > starry-eyed outsider who thinks he can fix everything.
> 
> /me shudders
> 
> > path 2: When the money starts coming in again, hire some college kids to 
> > help out. Rinse and repeat until a couple of them stick on.
> 
> /me shudders again
> 
> > User complaints help steer things to path 2.
> 
> Let's try path #3.  Get someone competent so Vincent doesn't have to
> re-train multiple people (thus wasting enormous amounts of time).

It's certainly true that competent people cost a lot less than they did
last year; dang near cheap as college kids now. I think I'd better stop
typing before I rhapsodize too much about how well the economy is
recovering.
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Bill Mullen]

On Wed, 17 Sep 2003, Eric Fernandez wrote:

> I proposed that idea on the cooker ML after release of 9.1. The idea was
> to perform an automatic urpmi.update command on a medium if the install
> of a package failed with error message "you may have to update your
> medium".

I don't think that this is as simple a solution as it may appear, as the
reason that the word "may" is included in that error message (which BTW
actually reads, "You may need to update your urpmi database") is that an
out-of-date urpmi database is *not* the only possible source of the error
- and isn't even necessarily the most likely one, in my experience.

The error message is returned whenever the contents of urpmi's RPM cache
directory (/var/cache/urpmi/rpms/) does not match what urpmi expects to
see there, once any downloading and/or copying into it has completed. This
is quite often merely due to one or more of the download attempts having
failed to establish a connection to the target mirror; for example, if the
mirror is a busy one, and has reached its limit of permitted simultaneous
users, any further connection attempts (by anyone) to it will fail, until
one of the currently-in-use ones completes. No connect => no d/l => error.

The problem, of course, is that urpmi has no idea *why* the RPM isn't in
the cache dir - it just knows that it's amongst the missing. The database
itself could exactly reflect the available RPMs, yet the error occurs. :(

This happens rather a lot IMO with urpmi's default d/l client, curl, which 
does not make more than one attempt to get a file. For this reason, I use 
the "--wget" switch with both urpmi and urpmi.update, to force it to use 
wget in lieu of curl. I even have aliases set up in /etc/bashrc for this:

alias urpmi='/usr/sbin/urpmi --wget'
alias uu='/usr/sbin/urpmi.update --wget -a'
alias ua='/usr/sbin/urpmi --wget --auto-select'

Typing "uu&&ua" gets all my sources synced, and picks out the updates. I 
purposely do not use the "--auto" switch with the latter, as I prefer to 
see exactly which packages are selected before I allow it to proceed. ;)

-- 
Bill Mullen   [EMAIL PROTECTED]   MA, USA   RLU #270075   MDK 8.1 & 9.0
"Listen, here's the thing. If you can't spot the sucker in your first
half hour at the table, then you *are* the sucker." - Mike McDermott

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Thu Sep 18, 2003 at 02:01:32AM +0200, Wolfgang Bornath wrote:

> > Let's try path #3.  Get someone competent so Vincent doesn't have to
> > re-train multiple people (thus wasting enormous amounts of time).
>  
> Let's try path #4. Go to Scotland and get Vincent cloned. You don't have
> to name him "Dolly #3", really! And pls. let's not get into that
> geek/sheep thing!

Ummm... let's not.  I really don't think the world needs two of me... =)

> I appreciate Vincent's work and whenever there's a way to help, Vincent,
> you know where to find me.

Thanks, Wolfgang.  The sentiments are appreciated.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Wolfgang Bornath]

Vincent Danen schrieb am Wed, 17 Sep 2003 17:14:07 -0600:

> Let's try path #3.  Get someone competent so Vincent doesn't have to
> re-train multiple people (thus wasting enormous amounts of time).
 
Let's try path #4. Go to Scotland and get Vincent cloned. You don't have
to name him "Dolly #3", really! And pls. let's not get into that
geek/sheep thing!

I appreciate Vincent's work and whenever there's a way to help, Vincent,
you know where to find me.

wobo

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 02:42:25PM -0700, Jack Coates wrote:

> >I think all things considered, we aren't that slow.  If you're defining 
> >slow
> >by a few hours, shame on you, if you're defining it by a few days, shame on
> >me.
> >
> >I think we're fairly close to the other big players when it comes to the 
> >big
> >updates.
> >
> >And, also, keep in mind that RH and SuSE both employ about a half dozen
> >security folks and, IIRC, gentoo doesn't have to worry about compiling for 
> >a
> >number of different versions.  Contrary to popular opinion, it *does* take
> >time to properly compile and test packages on each supported platform.
> >
> >We also don't run our own server for updates so we have to wait for
> >mirroring... RH can put the packages up and announce it that minute, we 
> >have
> >to wait at least 1-2hrs before announcing or I get flooded with "you
> >announced it so where is it?" messages, just due to the mirroring process.
> >
> >With all that in mind, I think this one-man operation is pretty damn 
> >speedy.
> 
> absolutely, but... let's step into the managerial mind for a little while:

Oh no... not *that* mind... =)

> fact: Vincent is working really hard, doing a job that takes six people 
> at other companies. He's typically a few hours behind those other 
> companies, but the users don't complain much. Vincent says he needs help 
> when we get some money.

Well, let's put this properly.  Vincent doesn't *need* help.  Vincent would
like help.  Vincent's wife would like help.  But Vincent is a trooper and
can do the job he is paid to do, no question.

> path 1: Ignore the situation until Vincent flames out, then hire some 
> starry-eyed outsider who thinks he can fix everything.

/me shudders

> path 2: When the money starts coming in again, hire some college kids to 
> help out. Rinse and repeat until a couple of them stick on.

/me shudders again

> User complaints help steer things to path 2.

Let's try path #3.  Get someone competent so Vincent doesn't have to
re-train multiple people (thus wasting enormous amounts of time).

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 02:07:26PM -0700, Ricardo (Tru64 User) wrote:

> Are you serious?? One man operation??
> What will happen if/when the heat stroke gets you?
> 
> Wandering.

What heat stroke?

Anyways, there is a backup person in case I do get run over, drowned, beat
by my wife, etc. so no worries there.. that is taken care of.  Should I
perish, updates will continue to roll out.

Other than the secteam (for whom I am extremely grateful as they make
testing that much easier), there is just me for the "management" of stuff.
Which is ok... the current load is a piece of cake compared to what I was
dealing with prior to the EOL policy coming into play.  =)


-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Dick Gevers]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 17 Sep 2003 14:14:27 -0700, Rolf Pedersen
<[EMAIL PROTECTED]> wrote about Re: [expert] Why is urpmi such a
pain in the ...?:

>> It means Mandrakesoft has a line into my taskbar which I did not ask for.

>I don't think that's what it means.  What it means is a cron job runs 
>urpmi.update to check if the update files on the mirror have changed 
>and, if so, notify the user that a new update is available.  This is no 
>more revealing of your private information than running MandrakeUpdate 
>in attended mode.

Please forgive me for not understanding that immediately. That makes it
quite clear, thank you. 

Regards,
=Dick Gevers=

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Encryption is an envelope - the contents are private.

iD8DBQE/aNp2wC/zk+cxEdMRAgQBAKCSiSSzCBR41sM5EVDimJFWJwUctACg4gno
pOok/p9/GH6zZDq1jIJzFD0=
=7Mvz
-END PGP SIGNATURE-

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Wednesday, September 17, 2003, at 03:29 PM, Vincent Danen wrote:

I think all things considered, we aren't that slow.  If you're 
defining slow
by a few hours, shame on you, if you're defining it by a few days, 
shame on
me.

I think we're fairly close to the other big players when it comes to 
the big
updates.

And, also, keep in mind that RH and SuSE both employ about a half dozen
security folks and, IIRC, gentoo doesn't have to worry about compiling 
for a
number of different versions.  Contrary to popular opinion, it *does* 
take
time to properly compile and test packages on each supported platform.

We also don't run our own server for updates so we have to wait for
mirroring... RH can put the packages up and announce it that minute, 
we have
to wait at least 1-2hrs before announcing or I get flooded with "you
announced it so where is it?" messages, just due to the mirroring 
process.

With all that in mind, I think this one-man operation is pretty damn 
speedy.

My hat's off to you.  One person?  This is impressive.

Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

Vincent Danen wrote:

On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote:
...

Mandrake is typically pretty slow about updates compared to RH and 
Gentoo, but hopefully that'll change if/when they hire Vincent some 
minions :-)


I think all things considered, we aren't that slow.  If you're defining slow
by a few hours, shame on you, if you're defining it by a few days, shame on
me.
I think we're fairly close to the other big players when it comes to the big
updates.
And, also, keep in mind that RH and SuSE both employ about a half dozen
security folks and, IIRC, gentoo doesn't have to worry about compiling for a
number of different versions.  Contrary to popular opinion, it *does* take
time to properly compile and test packages on each supported platform.
We also don't run our own server for updates so we have to wait for
mirroring... RH can put the packages up and announce it that minute, we have
to wait at least 1-2hrs before announcing or I get flooded with "you
announced it so where is it?" messages, just due to the mirroring process.
With all that in mind, I think this one-man operation is pretty damn speedy.

absolutely, but... let's step into the managerial mind for a little while:

fact: Vincent is working really hard, doing a job that takes six people 
at other companies. He's typically a few hours behind those other 
companies, but the users don't complain much. Vincent says he needs help 
when we get some money.

path 1: Ignore the situation until Vincent flames out, then hire some 
starry-eyed outsider who thinks he can fix everything.

path 2: When the money starts coming in again, hire some college kids to 
help out. Rinse and repeat until a couple of them stick on.

User complaints help steer things to path 2.
--
Jack Coates
Monkeynoodle.Org: Integrating Value, Simians, and Pasta Since 1996.

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[kwan]

>
> With all due respect to you all, but I don`t like the idea one bit. It
> means
> Mandrakesoft has a line into my taskbar which I did not ask for. Just as I
> don`t like Microsoft working interactively with my computer, or other
> adware/spyware calling home when I still used Windows, I wouldn`t like
> Mandrakesoft to have a thread into any corner of my boxes. If it`s an
> optional package,  fine I won`t use it. If it comes built in the distro I
> will disable it, remove it or whatever it takes to avoid it. It goes
> against
> my sense of privacy. Maybe not to that of others, very well, but I don`t
> like the idea.

I've been looking at many of the auto-update features for different
distros. RedHat keeps a central database of installed packages if you use
their up2date mechanism, and this would probably irk many users. However,
most of the others seem to be passive updaters. I.e., they pull down a
list of packages and compare them locally *without* sending any
information to a central database. In any case, Mandrake's really cool
distributed update system would likely preclude an update mechanism that
needed a single database.

I would like to see a centralized management console for Mandrake systems.
The designated management station could maintain a list of updates as some
sort of server; the clients (whether local on on the LAN or 'Net) could
then query the central server and update the local package database. This
would be useful because it allows an operator to get an idea of a system's
patch status without needing the machine to be online. The central server
need not be an official site, but could be another machine on the LAN that
you control.

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Rolf Pedersen]

Dick Gevers wrote:
On Wed, 17 Sep 2003 22:25:04 +0300, Thomas Backlund <[EMAIL PROTECTED]> wrote about
Re: [expert] Why is urpmi such a pain in the ...?:

Vincent Danen kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu
2003 22:07):


{ Avi Schwartz <[EMAIL PROTECTED]> }


icon in the KDE task bar which changes color when there are updates
available.  Click on it and you get a menu allowing you to check for
updates, show the last update log or start the update process.  very
nice, clean and can help users keep their system safe.
I agree, this would be nice and hopefully this is something that can be
done for 9.3 or 10.0.
AFAIK in contribs there is a package started with the aim of doing this:
mdk-check-update-*
I haven't tested it myself so I can't say if it works... 


With all due respect to you all, but I don`t like the idea one bit. It means
Mandrakesoft has a line into my taskbar which I did not ask for. Just as I
I don't think that's what it means.  What it means is a cron job runs 
urpmi.update to check if the update files on the mirror have changed 
and, if so, notify the user that a new update is available.  This is no 
more revealing of your private information than running MandrakeUpdate 
in attended mode.

Rolf

don`t like Microsoft working interactively with my computer, or other
adware/spyware calling home when I still used Windows, I wouldn`t like
Mandrakesoft to have a thread into any corner of my boxes. If it`s an
optional package,  fine I won`t use it. If it comes built in the distro I
will disable it, remove it or whatever it takes to avoid it. It goes against
my sense of privacy. Maybe not to that of others, very well, but I don`t
like the idea.
Just my EUR 0.02.

Ciao,
=Dick Gevers=




Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Ricardo (Tru64 User)]

Are you serious?? One man operation??
What will happen if/when the heat stroke gets you?

Wandering.

--- Vincent Danen <[EMAIL PROTECTED]> wrote:
> On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates
> wrote:
> 
> > >>Problem is people don't take security seriously,
> so they don't sign
> > >>up for the list.  There isn't much we can do to
> combat that... in the
> > >>same way, they may skip those messages we put on
> every single list
> > >>and then what?
> > >
> > >
> > >Yep agree. It would be a horror to spam the lists
> !!!Getting it four 
> > >times with an interest in security even five
> times ? No way. I inform 
> > >me on what i'm interested in. running urpmi
> update in cron and looking 
> > >sometimes on mandrakesecure should be enough.
> Even on servers. 
> > >
> > >Steffen
> > 
> > I'm on Bugtraq -- I get the alert once from
> mandrakesecure, once from 
> > Mandrake's message to bugtraq, and once from every
> other Linux 
> > distributor out there, in addition to the original
> discovery argument.
> > 
> > Mandrake is typically pretty slow about updates
> compared to RH and 
> > Gentoo, but hopefully that'll change if/when they
> hire Vincent some 
> > minions :-)
> 
> I think all things considered, we aren't that slow. 
> If you're defining slow
> by a few hours, shame on you, if you're defining it
> by a few days, shame on
> me.
> 
> I think we're fairly close to the other big players
> when it comes to the big
> updates.
> 
> And, also, keep in mind that RH and SuSE both employ
> about a half dozen
> security folks and, IIRC, gentoo doesn't have to
> worry about compiling for a
> number of different versions.  Contrary to popular
> opinion, it *does* take
> time to properly compile and test packages on each
> supported platform.
> 
> We also don't run our own server for updates so we
> have to wait for
> mirroring... RH can put the packages up and announce
> it that minute, we have
> to wait at least 1-2hrs before announcing or I get
> flooded with "you
> announced it so where is it?" messages, just due to
> the mirroring process.
> 
> With all that in mind, I think this one-man
> operation is pretty damn speedy.
> 
> -- 
> MandrakeSoft Security;
> http://www.mandrakesecure.net/
> Online Security Resource Book; http://linsec.ca/
> "lynx -source http://linsec.ca/vdanen.asc | gpg
> --import"
> {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5
> FE6F 2AFD}
> 
> 

> ATTACHMENT part 2 application/pgp-signature 



__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Dick Gevers]

On Wed, 17 Sep 2003 22:25:04 +0300, Thomas Backlund <[EMAIL PROTECTED]> wrote about
Re: [expert] Why is urpmi such a pain in the ...?:

>Vincent Danen kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu
>2003 22:07):

{ Avi Schwartz <[EMAIL PROTECTED]> }

>> > icon in the KDE task bar which changes color when there are updates
>> > available.  Click on it and you get a menu allowing you to check for
>> > updates, show the last update log or start the update process.  very
>> > nice, clean and can help users keep their system safe.
>>
>> I agree, this would be nice and hopefully this is something that can be
>> done for 9.3 or 10.0.
>
>AFAIK in contribs there is a package started with the aim of doing this:
>mdk-check-update-*
>
>I haven't tested it myself so I can't say if it works... 


With all due respect to you all, but I don`t like the idea one bit. It means
Mandrakesoft has a line into my taskbar which I did not ask for. Just as I
don`t like Microsoft working interactively with my computer, or other
adware/spyware calling home when I still used Windows, I wouldn`t like
Mandrakesoft to have a thread into any corner of my boxes. If it`s an
optional package,  fine I won`t use it. If it comes built in the distro I
will disable it, remove it or whatever it takes to avoid it. It goes against
my sense of privacy. Maybe not to that of others, very well, but I don`t
like the idea.

Just my EUR 0.02.

Ciao,
=Dick Gevers=


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Lee Wiggers]

On Wed, 17 Sep 2003 13:20:36 -0700
Rolf Pedersen <[EMAIL PROTECTED]> wrote:

> 
> 
> Avi Schwartz wrote:
> > 
> [..]
> > need this extra help.  One nice touch SuSE has is a small icon
> > in the KDE task bar which changes color when there are updates
> > available.  Click on it and you get a menu allowing you to check
> > for updates, show the last update log or start the update
> > process.  very nice, clean and can help users keep their system
> > safe.
> > 
> > Avi
> 
> In cooker contrib/, there is such an app that has been recently
> written, mutray:
> 
> MUTray sits in the KDE system tray, and displays a notification
> when there are new updates.  It can then install the packages with
> urpmi.
> 
> I think the binary will work in 9.1 or rebuild the 
> contrib/SRPMS/mutray-0.3-2mdk.src.rpm package.
> 
> Rolf
> 
> 
> 

Sylpheed-Claws has such a plug-in to tell me when I have mail. 
Scared me to death the first time everything flashed.  Thought kde
had suffered a cardiac thing.

I unplugged it.  I always have new mail.

Lee



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote:

> >>Problem is people don't take security seriously, so they don't sign
> >>up for the list.  There isn't much we can do to combat that... in the
> >>same way, they may skip those messages we put on every single list
> >>and then what?
> >
> >
> >Yep agree. It would be a horror to spam the lists !!!Getting it four 
> >times with an interest in security even five times ? No way. I inform 
> >me on what i'm interested in. running urpmi update in cron and looking 
> >sometimes on mandrakesecure should be enough. Even on servers. 
> >
> >Steffen
> 
> I'm on Bugtraq -- I get the alert once from mandrakesecure, once from 
> Mandrake's message to bugtraq, and once from every other Linux 
> distributor out there, in addition to the original discovery argument.
> 
> Mandrake is typically pretty slow about updates compared to RH and 
> Gentoo, but hopefully that'll change if/when they hire Vincent some 
> minions :-)

I think all things considered, we aren't that slow.  If you're defining slow
by a few hours, shame on you, if you're defining it by a few days, shame on
me.

I think we're fairly close to the other big players when it comes to the big
updates.

And, also, keep in mind that RH and SuSE both employ about a half dozen
security folks and, IIRC, gentoo doesn't have to worry about compiling for a
number of different versions.  Contrary to popular opinion, it *does* take
time to properly compile and test packages on each supported platform.

We also don't run our own server for updates so we have to wait for
mirroring... RH can put the packages up and announce it that minute, we have
to wait at least 1-2hrs before announcing or I get flooded with "you
announced it so where is it?" messages, just due to the mirroring process.

With all that in mind, I think this one-man operation is pretty damn speedy.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Rolf Pedersen]

Avi Schwartz wrote:

[..]
need this extra help.  One nice touch SuSE has is a small icon in the 
KDE task bar which changes color when there are updates available.  
Click on it and you get a menu allowing you to check for updates, show 
the last update log or start the update process.  very nice, clean and 
can help users keep their system safe.

Avi
In cooker contrib/, there is such an app that has been recently written, 
mutray:

MUTray sits in the KDE system tray, and displays a notification when there
are new updates.  It can then install the packages with urpmi.
I think the binary will work in 9.1 or rebuild the 
contrib/SRPMS/mutray-0.3-2mdk.src.rpm package.

Rolf


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 02:03:48PM -0500, Avi Schwartz wrote:

> >Advisories go out in many forms; I can't help it if you don't pay 
> >attention
> >to one of the many:
> >
> >- [EMAIL PROTECTED]
> >- [EMAIL PROTECTED]
> >- full-disclosure ml
> >- RSS feed from MandrakeSecure
> >- MandrakeSecure website (on nearly every single page)
> >- MandrakeClub (latest advisory always on the front page)
> >
> As I said, I did pay attention since I knew about it before Mandrake 
> announced it.

That wasn't your point tho, was it?  You weren't aware of Mandrake's
announcements.  That I believe was the point.

> Anyway, how do you subscribe to the RSS feed?  What is the url?

http://www.mandrakesecure.net/en/advisories/rss.php IIRC.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

Steffen Barszus wrote:

Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen:


Problem is people don't take security seriously, so they don't sign
up for the list.  There isn't much we can do to combat that... in the
same way, they may skip those messages we put on every single list
and then what?


Yep agree. It would be a horror to spam the lists !!!Getting it four 
times with an interest in security even five times ? No way. I inform 
me on what i'm interested in. running urpmi update in cron and looking 
sometimes on mandrakesecure should be enough. Even on servers. 

Steffen
I'm on Bugtraq -- I get the alert once from mandrakesecure, once from 
Mandrake's message to bugtraq, and once from every other Linux 
distributor out there, in addition to the original discovery argument.

Mandrake is typically pretty slow about updates compared to RH and 
Gentoo, but hopefully that'll change if/when they hire Vincent some 
minions :-)
--
Jack Coates
Monkeynoodle.Org: Integrating Value, Simians, and Pasta Since 1996.


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Thomas Backlund]

Vincent Danen kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu 2003 
22:07):
> On Wed Sep 17, 2003 at 01:52:09PM -0500, Avi Schwartz wrote:
> > >Advisories go out in many forms; I can't help it if you don't pay
> > >attention
> > >to one of the many:
> > >
> > >- [EMAIL PROTECTED]
> > >- [EMAIL PROTECTED]
> > >- full-disclosure ml
> > >- RSS feed from MandrakeSecure
> > >- MandrakeSecure website (on nearly every single page)
> > >- MandrakeClub (latest advisory always on the front page)
> > >
> > >And no, announcements will not be going to this list or any other list
> > >other
> > >than the announce list.
> >
> > I appreciate the information and I just subscribed to the announce
> > list.  However, the same way I didn't know about the
> > [EMAIL PROTECTED] list I am sure there are many others that
> > are not aware of it.  If there is a bug that has a potential of
> > becoming a way to break into a computer I feel that all mailing list be
> > notified of it to minimize the potential damage.  Mandrake may have
> > many newbies (I hope you do, you need the business) which are new to
> > Linux and may need this extra help.  One nice touch SuSE has is a small
>
> I'm sorry, but I disagree.  I don't like the idea of spamming all of the
> lists (and while it might not be considered spam, why do it when there is
> one list that covers them all?).  It's a matter of education.  If someone
> gets on the newbie or expert list, they've likely visited the website.
> There is a link to the MandrakeSecure lists, clearly marked for
> security-related lists, on the mandrakelinux.com page where you can
> subscribe to the other lists.  How difficult is it to subscribe to these
> other lists?  No, one other list?
>
> Problem is people don't take security seriously, so they don't sign up for
> the list.  There isn't much we can do to combat that... in the same way,
> they may skip those messages we put on every single list and then what?
>
> Also, FWIW, if you sign up for MandrakeOnline, you'll get alerts sent to
> your inbox.
>
> > icon in the KDE task bar which changes color when there are updates
> > available.  Click on it and you get a menu allowing you to check for
> > updates, show the last update log or start the update process.  very
> > nice, clean and can help users keep their system safe.
>
> I agree, this would be nice and hopefully this is something that can be
> done for 9.3 or 10.0.

AFAIK in contribs there is a package started with the aim of doing this:
mdk-check-update-*

I haven't tested it myself so I can't say if it works... 

-- 
Regards

Thomas


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Steffen Barszus]

Am Mittwoch, 17. September 2003 21:07 schrieb Vincent Danen:

> Problem is people don't take security seriously, so they don't sign
> up for the list.  There isn't much we can do to combat that... in the
> same way, they may skip those messages we put on every single list
> and then what?

Yep agree. It would be a horror to spam the lists !!!Getting it four 
times with an interest in security even five times ? No way. I inform 
me on what i'm interested in. running urpmi update in cron and looking 
sometimes on mandrakesecure should be enough. Even on servers. 

Steffen

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 01:52:09PM -0500, Avi Schwartz wrote:

> >Advisories go out in many forms; I can't help it if you don't pay 
> >attention
> >to one of the many:
> >
> >- [EMAIL PROTECTED]
> >- [EMAIL PROTECTED]
> >- full-disclosure ml
> >- RSS feed from MandrakeSecure
> >- MandrakeSecure website (on nearly every single page)
> >- MandrakeClub (latest advisory always on the front page)
> >
> >And no, announcements will not be going to this list or any other list 
> >other
> >than the announce list.
> >
> I appreciate the information and I just subscribed to the announce 
> list.  However, the same way I didn't know about the 
> [EMAIL PROTECTED] list I am sure there are many others that 
> are not aware of it.  If there is a bug that has a potential of 
> becoming a way to break into a computer I feel that all mailing list be 
> notified of it to minimize the potential damage.  Mandrake may have 
> many newbies (I hope you do, you need the business) which are new to 
> Linux and may need this extra help.  One nice touch SuSE has is a small 

I'm sorry, but I disagree.  I don't like the idea of spamming all of the
lists (and while it might not be considered spam, why do it when there is
one list that covers them all?).  It's a matter of education.  If someone
gets on the newbie or expert list, they've likely visited the website.
There is a link to the MandrakeSecure lists, clearly marked for
security-related lists, on the mandrakelinux.com page where you can
subscribe to the other lists.  How difficult is it to subscribe to these
other lists?  No, one other list?

Problem is people don't take security seriously, so they don't sign up for
the list.  There isn't much we can do to combat that... in the same way,
they may skip those messages we put on every single list and then what?

Also, FWIW, if you sign up for MandrakeOnline, you'll get alerts sent to
your inbox.

> icon in the KDE task bar which changes color when there are updates 
> available.  Click on it and you get a menu allowing you to check for 
> updates, show the last update log or start the update process.  very 
> nice, clean and can help users keep their system safe.

I agree, this would be nice and hopefully this is something that can be done
for 9.3 or 10.0.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Wednesday, September 17, 2003, at 01:03 PM, Vincent Danen wrote:

Advisories go out in many forms; I can't help it if you don't pay 
attention
to one of the many:

- [EMAIL PROTECTED]
- [EMAIL PROTECTED]
- full-disclosure ml
- RSS feed from MandrakeSecure
- MandrakeSecure website (on nearly every single page)
- MandrakeClub (latest advisory always on the front page)
As I said, I did pay attention since I knew about it before Mandrake 
announced it.

Anyway, how do you subscribe to the RSS feed?  What is the url?

Thanks,
Avi

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Anne Wilson]

On Wednesday 17 Sep 2003 7:52 pm, Avi Schwartz wrote:
> I appreciate the information and I just subscribed to the announce
> list.  However, the same way I didn't know about the
> [EMAIL PROTECTED] list I am sure there are many others
> that are not aware of it.  If there is a bug that has a potential
> of becoming a way to break into a computer I feel that all mailing
> list be notified of it to minimize the potential damage.  Mandrake
> may have many newbies (I hope you do, you need the business) which
> are new to Linux and may need this extra help.  One nice touch SuSE
> has is a small icon in the KDE task bar which changes color when
> there are updates available.  Click on it and you get a menu
> allowing you to check for updates, show the last update log or
> start the update process.  very nice, clean and can help users keep
> their system safe.
>
I'm sure that somewhere I was asked if I wanted to subscribe to 
announce, when I first installed.  On my own box run Mandrake Update 
weekly, but if I had a server I would be doing it every day.

Anne
-- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Wednesday, September 17, 2003, at 01:03 PM, Vincent Danen wrote:

On Wed Sep 17, 2003 at 08:19:45AM -0500, Avi Schwartz wrote:

That is another problem.  I found out about it from other
distribution's security announcements then I checked MandrakeSecure 
and
found that they posted the information there.  They should send an
announcement like this to the mailing lists.
The only problem is that you're not subscribed to the right mailing 
list.
Subscribe to the announce list (via MandrakeSecure, the very site you 
were
on).

Advisories go out in many forms; I can't help it if you don't pay 
attention
to one of the many:

- [EMAIL PROTECTED]
- [EMAIL PROTECTED]
- full-disclosure ml
- RSS feed from MandrakeSecure
- MandrakeSecure website (on nearly every single page)
- MandrakeClub (latest advisory always on the front page)
And no, announcements will not be going to this list or any other list 
other
than the announce list.

I appreciate the information and I just subscribed to the announce 
list.  However, the same way I didn't know about the 
[EMAIL PROTECTED] list I am sure there are many others that 
are not aware of it.  If there is a bug that has a potential of 
becoming a way to break into a computer I feel that all mailing list be 
notified of it to minimize the potential damage.  Mandrake may have 
many newbies (I hope you do, you need the business) which are new to 
Linux and may need this extra help.  One nice touch SuSE has is a small 
icon in the KDE task bar which changes color when there are updates 
available.  Click on it and you get a menu allowing you to check for 
updates, show the last update log or start the update process.  very 
nice, clean and can help users keep their system safe.

Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Wednesday, September 17, 2003, at 11:38 AM, Brant Fitzsimmons wrote:

Avi Schwartz wrote:

Also downloading the list of files can be a major pain.  Couple of 
15MB lists can take awhile, even at IDSL speeds (144K) not to mention 
dial-up speeds.
Avi
and set up an update source that uses rsync instead of ftp or http. 
Then when you run "urpmi.update -a" it will download only the 
differences in the list instead of the whole list.

That's great, I wasn't aware that there are sites allowing rsync.

Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Charles A Edwards]

On Wed, 17 Sep 2003 12:03:59 -0600
Vincent Danen <[EMAIL PROTECTED]> wrote:

> The only problem is that you're not subscribed to the right mailing
> list. Subscribe to the announce list (via MandrakeSecure, the very
> site you were on).

It is all documented on the mailing list page

"Security holes are fixed as soon as possible when they are discovered.
Most of the new packages can easily be upgraded just by running
``MandrakeUpdate'' regularly. 

All security-related mailing-lists are listed at:
http://www.mandrakesecure.net/en/mlist.php";

Which in turn discloses this:

"[EMAIL PROTECTED] is a read-only list which will inform you
of new updates (security, bugfix, etc.) for all supported Mandrake Linux
distributions."

One can subscribe to it in the same manner as this list.


Charles

-- 
"Show me a good loser, and I'll show you a loser."
-- Vince Lombardi, football coach
-
Mandrake Linux 9.2 on PurpleDragon
Kernel-2.4.22-9mdkenterprise 
-




pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 08:19:45AM -0500, Avi Schwartz wrote:

> That is another problem.  I found out about it from other 
> distribution's security announcements then I checked MandrakeSecure and 
> found that they posted the information there.  They should send an 
> announcement like this to the mailing lists.

The only problem is that you're not subscribed to the right mailing list.
Subscribe to the announce list (via MandrakeSecure, the very site you were
on).

Advisories go out in many forms; I can't help it if you don't pay attention
to one of the many:

- [EMAIL PROTECTED]
- [EMAIL PROTECTED]
- full-disclosure ml
- RSS feed from MandrakeSecure
- MandrakeSecure website (on nearly every single page)
- MandrakeClub (latest advisory always on the front page)

And no, announcements will not be going to this list or any other list other
than the announce list.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Wed Sep 17, 2003 at 06:02:22AM -0700, Tango Echo wrote:

> They did?  How do you recieve notification? I though I
> was subscribed to the exploit list, but I haven't
> recieved a message in well over 6 months.  Do I need
> to resubscribe or are you receiving noitification by
> other means?  Obviously, staying up to date on
> exploits is a top priority and I'd like to be in the
> loop =)

The exploit list is for discussing exploits... the announce list is for
announcements.  You at least want to be subscribed to the latter.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Wed, 2003-09-17 at 06:16, Avi Schwartz wrote:
> On Wednesday, September 17, 2003, at 12:17 AM, James Sparenberg wrote:
> 
> > On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote:
> >> Today, Mandrake has issued a security update to ssh (BTW, if you did
> >> not update it yet, you better do it soon, before the exploit starts
> >> circulating).  I updated all the sources but urpmi --update
> >> --auto-select told me that everything is up to date.  Tried the
> >> graphical updater, the same story.  I ended up downloading the new 
> >> RPMs
> >> and installing them manually.  How am I supposed to trust DrakeUpdate
> >> and urpmi?
> >>
> >> This is something Mandrake can learn from SuSE.  Their online update
> >> works perfectly every time.
> >>
> >> Avi
> >
> > No not every time.  Try to do an online update for the NVidia drivers.
> > 100% failure on 6 boxes.  As for the problem.  Did you do urpmi.update
> > -a first?  If your inbox records are behind the servers records then
> > what it's telling you is correct.
> >
> 
> That may be a little unfair to SuSE.  The NVidia drivers are closed 
> source and so they can be a challenge for any distribution.  As I 
> understand it, people fixed the problem by using the older driver.  But 
> my point was not to talk about a specific patch.  It would be also nice 
> if Mandrake would send notification about security patches to their 
> mailing lists.  In generalshould look into tightening the update 
> process when it comes to security patches.  Unlike regular updates that 
> may not be very important some security patches can be critical.  Also 
> downloading the list of files can be a major pain.  Couple of 15MB 
> lists can take awhile, even at IDSL speeds (144K) not to mention 
> dial-up speeds.
> 
> Avi

Two points here.  1.  use the synthesis.hdlist.cz  instead of hdlist.cz
(huge diff in size) 2.  Under Configuration-other in your menu you'll
find "Discover Custom Services" If you buy a boxed set or are a club
member you can setup auto notification (via e-mail) and even auto update
of a box.

james
> 
> 
> 
> __
> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Brant Fitzsimmons]

Avi Schwartz wrote:
On Wednesday, September 17, 2003, at 12:17 AM, James Sparenberg wrote:

On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote:

Today, Mandrake has issued a security update to ssh (BTW, if you did
not update it yet, you better do it soon, before the exploit starts
circulating).  I updated all the sources but urpmi --update
--auto-select told me that everything is up to date.  Tried the
graphical updater, the same story.  I ended up downloading the new RPMs
and installing them manually.  How am I supposed to trust DrakeUpdate
and urpmi?
This is something Mandrake can learn from SuSE.  Their online update
works perfectly every time.
Avi


No not every time.  Try to do an online update for the NVidia drivers.
100% failure on 6 boxes.  As for the problem.  Did you do urpmi.update
-a first?  If your inbox records are behind the servers records then
what it's telling you is correct.
That may be a little unfair to SuSE.  The NVidia drivers are closed 
source and so they can be a challenge for any distribution.  As I 
understand it, people fixed the problem by using the older driver.  But 
my point was not to talk about a specific patch.  It would be also nice 
if Mandrake would send notification about security patches to their 
mailing lists.  In generalshould look into tightening the update process 
when it comes to security patches.  Unlike regular updates that may not 
be very important some security patches can be critical.  Also 
downloading the list of files can be a major pain.  Couple of 15MB lists 
can take awhile, even at IDSL speeds (144K) not to mention dial-up speeds.

Avi
They do announce security patches.

http://www.mandrakesecure.net/en/mlist.php

As far as the list of files-- goes go to:

http://www.zarb.org/~nanardon/

and set up an update source that uses rsync instead of ftp or http. Then 
when you run "urpmi.update -a" it will download only the differences in 
the list instead of the whole list.

--
Brant Fitzsimmons
[EMAIL PROTECTED]
___
Linux user #322847 | Linux machine #207465 | http://counter.li.org/
AMD Duron 1.3GHz | Mandrake 9.1 | Kernel 2.4.21-0.16mm-mdk
KDE 3.1.3 | Mozilla 1.4 Mail Client
Uptime:
 12:25:01 up 10 days, 23:41,  1 user,  load average: 0.08, 0.25, 0.18
___
"All truth passes through three stages. First, it is ridiculed.
Second, it is violently opposed. Third, it is accepted as being
self-evident."
-Arthur Schopenhauer (1788-1860)

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Eric Fernandez]

Hi Jack,

Thanks for the reminder... However I should have been
more clear in what I was trying to say.  We can all
agree that Mandrake is known as the "newbie's Linux"
while of course still remaining a powerful operating
system.  I was suggesting that Mandrake include some
type of update app automatically ready to be
configured in the window manager (etc).  Therefor,
when the newb logs in, they are asked to configure the
update app just like in XP.  While the updates may not
be as severe and critical as they may be in the
Windows world, they are still important.  I guess I
should have anticipated your reply since I AM posting
on the expert list ;)
Tango

I proposed that idea on the cooker ML after release of 9.1. The idea was 
to perform an automatic urpmi.update command on a medium if the install 
of a package failed with error message "you may have to update your 
medium". Apparently it has not been implemented yet, but this could be a 
good idea to mdernise rpmdrake with such options :
- an automatic update of media at specific times
- an automatic update in case of install failure
I think media sources needs to be modernised indeed.

Eric


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Miark]

On Wed, 17 Sep 2003 08:16:07 -0500, Avi Schwartz <[EMAIL PROTECTED]> wrote:

> It would be also nice if Mandrake would send notification about security 
> patches to their mailing lists.  

I this is a good idea, too.

Miark

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Wolfgang Bornath]

Thomas Backlund schrieb am Wed, 17 Sep 2003 16:46:10 +0300:

> Tango Echo kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu
> 2003 16:39):
> >
> > So I guess the answer to my question is: Check
> > mandrakesecure.net at least once a week  - look on the
> > right side for "Recent Mandrake Linux Advisories"?
> 
> Go to:
> http://www.mandrakesecure.net/en/mlist.php
> and choose wich varnings you want mailed to you...

...and/or subscribe to the Mandrake Community Newsletter (issued 2x per
month) which contains a "Security Updates" section.

wobo

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Why is urpmi such a pain in the ...?

[Tango Echo]

>On Wed, 2003-09-17 at 06:39, Tango Echo wrote:
>> >That is another problem.  I found out about it
from
>> other
>> >distribution's security announcements then I
checked
>> MandrakeSecure and
>> >found that they posted the information there. 
They
>> should send an
>> >announcement like this to the mailing lists.
>> >
>> >Avi
>> >
>>
>>
>> That's strange! I think of individuals that are
>> familiar with Linux to be more security oriented...
>> Ya know, it would be best to either have some type
of
>> notification OR an auto updater like what XP has -
>> Check for updates, downloaded when read and confirm
>> install or automatically download and install...
>
>man urpmi and man cron.
>...
>--
>Jack Coates
>Monkeynoodle: A Scientific Venture...
>

dle: A Scientific Venture...
>

Hi Jack,

Thanks for the reminder... However I should have been
more clear in what I was trying to say.  We can all
agree that Mandrake is known as the "newbie's Linux"
while of course still remaining a powerful operating
system.  I was suggesting that Mandrake include some
type of update app automatically ready to be
configured in the window manager (etc).  Therefor,
when the newb logs in, they are asked to configure the
update app just like in XP.  While the updates may not
be as severe and critical as they may be in the
Windows world, they are still important.  I guess I
should have anticipated your reply since I AM posting
on the expert list ;)

Tango


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

On Wed, 2003-09-17 at 06:39, Tango Echo wrote:
> >That is another problem.  I found out about it from
> other
> >distribution's security announcements then I checked
> MandrakeSecure and
> >found that they posted the information there.  They
> should send an
> >announcement like this to the mailing lists.
> >
> >Avi
> >
> 
> 
> That's strange! I think of individuals that are
> familiar with Linux to be more security oriented... 
> Ya know, it would be best to either have some type of
> notification OR an auto updater like what XP has -
> Check for updates, downloaded when read and confirm
> install or automatically download and install...

man urpmi and man cron.
...
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Thomas Backlund]

Tango Echo kirjoitti viestissään (lähetysaika Keskiviikko 17 Syyskuu 2003 
16:39):
> >That is another problem.  I found out about it from
>
> other
>
> >distribution's security announcements then I checked
>
> MandrakeSecure and
>
> >found that they posted the information there.  They
>
> should send an
>
> >announcement like this to the mailing lists.
> >
> >Avi
>
> That's strange! I think of individuals that are
> familiar with Linux to be more security oriented...
> Ya know, it would be best to either have some type of
> notification OR an auto updater like what XP has -
> Check for updates, downloaded when read and confirm
> install or automatically download and install...
>
> So I guess the answer to my question is: Check
> mandrakesecure.net at least once a week  - look on the
> right side for "Recent Mandrake Linux Advisories"?
>

Go to:
http://www.mandrakesecure.net/en/mlist.php

and choose wich varnings you want mailed to you...

-- 
Regards

Thomas


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Eric Fernandez]

Today, Mandrake has issued a security update to ssh 
   



(BTW, if you did
 

not update it yet, you better do it soon, before the
   

exploit starts
 

circulating).  I updated all the sources but urpmi
   

--update
 

--auto-select told me that everything is up to date. 
   

Tried the
 

graphical updater, the same story.  I ended up
   

downloading the new RPMs
 

and installing them manually.  How am I supposed to
   

trust DrakeUpdate
 

and urpmi?

This is something Mandrake can learn from SuSE. 
   

Their online update
 

works perfectly every time.

Avi

Maybe you should check your mirror. Did you try urpmq -f to check the 
new packages are available in your URPM base ? I guess you did an 
urpmi.update -a too before trying the update ? There was no error message ?

Eric


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Why is urpmi such a pain in the ...?

[Tango Echo]

>That is another problem.  I found out about it from
other
>distribution's security announcements then I checked
MandrakeSecure and
>found that they posted the information there.  They
should send an
>announcement like this to the mailing lists.
>
>Avi
>


That's strange! I think of individuals that are
familiar with Linux to be more security oriented... 
Ya know, it would be best to either have some type of
notification OR an auto updater like what XP has -
Check for updates, downloaded when read and confirm
install or automatically download and install...

So I guess the answer to my question is: Check
mandrakesecure.net at least once a week  - look on the
right side for "Recent Mandrake Linux Advisories"?


>On Wednesday, September 17, 2003, at 08:02 AM, Tango
Echo wrote:
>
>>> Today, Mandrake has issued a security update to
ssh
>>
>> They did?  How do you recieve notification? I
though I
>> was subscribed to the exploit list, but I haven't
>> recieved a message in well over 6 months.  Do I
need
>> to resubscribe or are you receiving noitification
by
>> other means?  Obviously, staying up to date on
>> exploits is a top priority and I'd like to be in
the
>> loop =)
>

be in the
>> loop =)
>

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

That is another problem.  I found out about it from other 
distribution's security announcements then I checked MandrakeSecure and 
found that they posted the information there.  They should send an 
announcement like this to the mailing lists.

Avi

On Wednesday, September 17, 2003, at 08:02 AM, Tango Echo wrote:

Today, Mandrake has issued a security update to ssh
They did?  How do you recieve notification? I though I
was subscribed to the exploit list, but I haven't
recieved a message in well over 6 months.  Do I need
to resubscribe or are you receiving noitification by
other means?  Obviously, staying up to date on
exploits is a top priority and I'd like to be in the
loop =)


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Wednesday, September 17, 2003, at 12:17 AM, James Sparenberg wrote:

On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote:
Today, Mandrake has issued a security update to ssh (BTW, if you did
not update it yet, you better do it soon, before the exploit starts
circulating).  I updated all the sources but urpmi --update
--auto-select told me that everything is up to date.  Tried the
graphical updater, the same story.  I ended up downloading the new 
RPMs
and installing them manually.  How am I supposed to trust DrakeUpdate
and urpmi?

This is something Mandrake can learn from SuSE.  Their online update
works perfectly every time.
Avi
No not every time.  Try to do an online update for the NVidia drivers.
100% failure on 6 boxes.  As for the problem.  Did you do urpmi.update
-a first?  If your inbox records are behind the servers records then
what it's telling you is correct.
That may be a little unfair to SuSE.  The NVidia drivers are closed 
source and so they can be a challenge for any distribution.  As I 
understand it, people fixed the problem by using the older driver.  But 
my point was not to talk about a specific patch.  It would be also nice 
if Mandrake would send notification about security patches to their 
mailing lists.  In generalshould look into tightening the update 
process when it comes to security patches.  Unlike regular updates that 
may not be very important some security patches can be critical.  Also 
downloading the list of files can be a major pain.  Couple of 15MB 
lists can take awhile, even at IDSL speeds (144K) not to mention 
dial-up speeds.

Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Why is urpmi such a pain in the ...?

[Tango Echo]

>Today, Mandrake has issued a security update to ssh 

They did?  How do you recieve notification? I though I
was subscribed to the exploit list, but I haven't
recieved a message in well over 6 months.  Do I need
to resubscribe or are you receiving noitification by
other means?  Obviously, staying up to date on
exploits is a top priority and I'd like to be in the
loop =)

(BTW, if you did
>not update it yet, you better do it soon, before the
exploit starts
>circulating).  I updated all the sources but urpmi
--update
>--auto-select told me that everything is up to date. 
Tried the
>graphical updater, the same story.  I ended up
downloading the new RPMs
>and installing them manually.  How am I supposed to
trust DrakeUpdate
>and urpmi?
>
>This is something Mandrake can learn from SuSE. 
Their online update
>works perfectly every time.
>
>Avi
>



__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[James Sparenberg]

On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote:
> Today, Mandrake has issued a security update to ssh (BTW, if you did 
> not update it yet, you better do it soon, before the exploit starts 
> circulating).  I updated all the sources but urpmi --update 
> --auto-select told me that everything is up to date.  Tried the 
> graphical updater, the same story.  I ended up downloading the new RPMs 
> and installing them manually.  How am I supposed to trust DrakeUpdate 
> and urpmi?
> 
> This is something Mandrake can learn from SuSE.  Their online update 
> works perfectly every time.
> 
> Avi

No not every time.  Try to do an online update for the NVidia drivers. 
100% failure on 6 boxes.  As for the problem.  Did you do urpmi.update
-a first?  If your inbox records are behind the servers records then
what it's telling you is correct.

James

> 
> 
> 
> __
> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Tuesday, September 16, 2003, at 11:27 PM, Jack Coates wrote:

On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote:
Today, Mandrake has issued a security update to ssh (BTW, if you did
not update it yet, you better do it soon, before the exploit starts
circulating).  I updated all the sources but urpmi --update
--auto-select told me that everything is up to date.  Tried the
graphical updater, the same story.  I ended up downloading the new 
RPMs
and installing them manually.  How am I supposed to trust DrakeUpdate
and urpmi?

This is something Mandrake can learn from SuSE.  Their online update
works perfectly every time.
Avi

where are you physically? Mandrake's mirrors in the Pacific Standard
Time Zone tend to be pretty far behind.
Chicago, CST.

Avi



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Jack Coates]

On Tue, 2003-09-16 at 20:05, Avi Schwartz wrote:
> Today, Mandrake has issued a security update to ssh (BTW, if you did 
> not update it yet, you better do it soon, before the exploit starts 
> circulating).  I updated all the sources but urpmi --update 
> --auto-select told me that everything is up to date.  Tried the 
> graphical updater, the same story.  I ended up downloading the new RPMs 
> and installing them manually.  How am I supposed to trust DrakeUpdate 
> and urpmi?
> 
> This is something Mandrake can learn from SuSE.  Their online update 
> works perfectly every time.
> 
> Avi
> 

where are you physically? Mandrake's mirrors in the Pacific Standard
Time Zone tend to be pretty far behind.
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

I had 3.6.1p1 installed, but as other have pointed out, I was probably 
using a mirror that was not updated yet.

Avi

On Tuesday, September 16, 2003, at 10:48 PM, bascule wrote:

it may be that like me you have installed some package via cooker that 
might
have required a later openssh? i found i had 3.6.1p2-4 and therefore
3.6.1p2-1.1 was seen as not an upgrade, i'm hopefull that there will a
further cooker package with the needed patch becasue when i went to 
uninstall
openssh and then insatll the upgrade i had problems, but you should 
try that
too since my problems are hopefully local to me

bascule

On Wednesday 17 Sep 2003 4:05 am, Avi Schwartz wrote:
Today, Mandrake has issued a security update to ssh (BTW, if you did
not update it yet, you better do it soon, before the exploit starts
circulating).  I updated all the sources but urpmi --update
--auto-select told me that everything is up to date.  Tried the
graphical updater, the same story.  I ended up downloading the new 
RPMs
and installing them manually.  How am I supposed to trust DrakeUpdate
and urpmi?

This is something Mandrake can learn from SuSE.  Their online update
works perfectly every time.
Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Tuesday, September 16, 2003, at 10:52 PM, Vincent Danen wrote:

On Tue Sep 16, 2003 at 10:45:07PM -0500, Avi Schwartz wrote:

Today, Mandrake has issued a security update to ssh (BTW, if you did
not update it yet, you better do it soon, before the exploit starts
circulating).  I updated all the sources but urpmi --update
--auto-select told me that everything is up to date.  Tried the
graphical updater, the same story.  I ended up downloading the new
RPMs and installing them manually.  How am I supposed to trust
DrakeUpdate and urpmi?
This is something Mandrake can learn from SuSE.  Their online update
works perfectly every time.
Avi
Your success with Mandrake Update depends on the mirror you have 
setup
as your update source.  Mandrake just released the updated packages
and it takes time for all of the update mirrors to sync with
Mandrake's server.  You may need to give your mirror some time to
actually get the updates from the mothership.  Once that is done you
should be able to update without a hitch.  I just did and it went as
smooth as usual.

Also, you need to run "urpmi.update -a" first to make sure your box
knows that there are updates available.  Then run "urpmi -v --updates
--auto-select" or "urpmi -v --auto-select" to actually download and
install the updates.
I did urpmi.update -a first, but I guess I need to look for better
mirrors.  Is there a way to find out which mirrors are updated more
frequently?
http://www.mandrakesecure.net/en/ftp.php

Perfect.  Thanks you!

Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Tue Sep 16, 2003 at 10:45:07PM -0500, Avi Schwartz wrote:

> >>Today, Mandrake has issued a security update to ssh (BTW, if you did 
> >>not update it yet, you better do it soon, before the exploit starts 
> >>circulating).  I updated all the sources but urpmi --update 
> >>--auto-select told me that everything is up to date.  Tried the 
> >>graphical updater, the same story.  I ended up downloading the new 
> >>RPMs and installing them manually.  How am I supposed to trust 
> >>DrakeUpdate and urpmi?
> >>This is something Mandrake can learn from SuSE.  Their online update 
> >>works perfectly every time.
> >>Avi
> >
> >Your success with Mandrake Update depends on the mirror you have setup 
> >as your update source.  Mandrake just released the updated packages 
> >and it takes time for all of the update mirrors to sync with 
> >Mandrake's server.  You may need to give your mirror some time to 
> >actually get the updates from the mothership.  Once that is done you 
> >should be able to update without a hitch.  I just did and it went as 
> >smooth as usual.
> >
> >Also, you need to run "urpmi.update -a" first to make sure your box 
> >knows that there are updates available.  Then run "urpmi -v --updates 
> >--auto-select" or "urpmi -v --auto-select" to actually download and 
> >install the updates.
> 
> I did urpmi.update -a first, but I guess I need to look for better 
> mirrors.  Is there a way to find out which mirrors are updated more 
> frequently?

http://www.mandrakesecure.net/en/ftp.php

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[Vincent Danen]

On Tue Sep 16, 2003 at 10:05:18PM -0500, Avi Schwartz wrote:

> Today, Mandrake has issued a security update to ssh (BTW, if you did 
> not update it yet, you better do it soon, before the exploit starts 
> circulating).  I updated all the sources but urpmi --update 
> --auto-select told me that everything is up to date.  Tried the 
> graphical updater, the same story.  I ended up downloading the new RPMs 
> and installing them manually.  How am I supposed to trust DrakeUpdate 
> and urpmi?
> 
> This is something Mandrake can learn from SuSE.  Their online update 
> works perfectly every time.

Did you do "urpmi.update -a" first?

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}



pgp0.pgp
Description: PGP signature

Re: [expert] Why is urpmi such a pain in the ...?

[bascule]

it may be that like me you have installed some package via cooker that might 
have required a later openssh? i found i had 3.6.1p2-4 and therefore 
3.6.1p2-1.1 was seen as not an upgrade, i'm hopefull that there will a 
further cooker package with the needed patch becasue when i went to uninstall 
openssh and then insatll the upgrade i had problems, but you should try that 
too since my problems are hopefully local to me

bascule

On Wednesday 17 Sep 2003 4:05 am, Avi Schwartz wrote:
> Today, Mandrake has issued a security update to ssh (BTW, if you did
> not update it yet, you better do it soon, before the exploit starts
> circulating).  I updated all the sources but urpmi --update
> --auto-select told me that everything is up to date.  Tried the
> graphical updater, the same story.  I ended up downloading the new RPMs
> and installing them manually.  How am I supposed to trust DrakeUpdate
> and urpmi?
>
> This is something Mandrake can learn from SuSE.  Their online update
> works perfectly every time.
>
> Avi

-- 
"A man could go far, knowing his rights like you do," said Granny.
"But right now he should go home."
(Wyrd Sisters)


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

On Tuesday, September 16, 2003, at 10:38 PM, Brant Fitzsimmons wrote:

Avi Schwartz wrote:
Today, Mandrake has issued a security update to ssh (BTW, if you did 
not update it yet, you better do it soon, before the exploit starts 
circulating).  I updated all the sources but urpmi --update 
--auto-select told me that everything is up to date.  Tried the 
graphical updater, the same story.  I ended up downloading the new 
RPMs and installing them manually.  How am I supposed to trust 
DrakeUpdate and urpmi?
This is something Mandrake can learn from SuSE.  Their online update 
works perfectly every time.
Avi
Your success with Mandrake Update depends on the mirror you have setup 
as your update source.  Mandrake just released the updated packages 
and it takes time for all of the update mirrors to sync with 
Mandrake's server.  You may need to give your mirror some time to 
actually get the updates from the mothership.  Once that is done you 
should be able to update without a hitch.  I just did and it went as 
smooth as usual.

Also, you need to run "urpmi.update -a" first to make sure your box 
knows that there are updates available.  Then run "urpmi -v --updates 
--auto-select" or "urpmi -v --auto-select" to actually download and 
install the updates.
I did urpmi.update -a first, but I guess I need to look for better 
mirrors.  Is there a way to find out which mirrors are updated more 
frequently?

Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Why is urpmi such a pain in the ...?

[Brant Fitzsimmons]

Avi Schwartz wrote:
Today, Mandrake has issued a security update to ssh (BTW, if you did not 
update it yet, you better do it soon, before the exploit starts 
circulating).  I updated all the sources but urpmi --update 
--auto-select told me that everything is up to date.  Tried the 
graphical updater, the same story.  I ended up downloading the new RPMs 
and installing them manually.  How am I supposed to trust DrakeUpdate 
and urpmi?

This is something Mandrake can learn from SuSE.  Their online update 
works perfectly every time.

Avi
Your success with Mandrake Update depends on the mirror you have setup 
as your update source.  Mandrake just released the updated packages and 
it takes time for all of the update mirrors to sync with Mandrake's 
server.  You may need to give your mirror some time to actually get the 
updates from the mothership.  Once that is done you should be able to 
update without a hitch.  I just did and it went as smooth as usual.

Also, you need to run "urpmi.update -a" first to make sure your box 
knows that there are updates available.  Then run "urpmi -v --updates 
--auto-select" or "urpmi -v --auto-select" to actually download and 
install the updates.

--
Brant Fitzsimmons
[EMAIL PROTECTED]
___
Linux user #322847 | Linux machine #207465 | http://counter.li.org/
AMD Duron 1.3GHz | Mandrake 9.1 | Kernel 2.4.21-0.16mm-mdk
KDE 3.1.3 | Mozilla 1.4 Mail Client
Uptime:
 23:30:00 up 10 days, 10:46,  1 user,  load average: 0.36, 0.16, 0.11
___
"All truth passes through three stages. First, it is ridiculed.
Second, it is violently opposed. Third, it is accepted as being
self-evident."
-Arthur Schopenhauer (1788-1860)

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[expert] Why is urpmi such a pain in the ...?

[Avi Schwartz]

Today, Mandrake has issued a security update to ssh (BTW, if you did 
not update it yet, you better do it soon, before the exploit starts 
circulating).  I updated all the sources but urpmi --update 
--auto-select told me that everything is up to date.  Tried the 
graphical updater, the same story.  I ended up downloading the new RPMs 
and installing them manually.  How am I supposed to trust DrakeUpdate 
and urpmi?

This is something Mandrake can learn from SuSE.  Their online update 
works perfectly every time.

Avi


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com