Re: [gentoo-security] Security project meeting summary

Mon, 28 Jul 2008 15:08:47 -0700 

Hello, Robert:

Robert Buchholz wrote:

On Monday 21 July 2008, Aleksey V Lazar wrote:

Hello.  Would it be reasonable to suggest adding a ~security (or
something like it) flag to denote packages masked for security
reasons?


Hi Aleksey,


since entries package.mask only contain free text description as an 
additional information, such a feature would require the package 
manager to decide which entries are security maskings, and which are 
feature maskings. While that could be done using 
restrictions/conventions within the text, I am sure our package manager 
developers would disagree with such a design. A "package.security.mask" 
file might be more appropriate for that.
  

Are you saying that security mask entries would go into the 
package.security.mask and feature/other to package.mask?  I think this 
would make sense.

My question now is, why would you want such a thing? Masked packages all 
have different reasons to be there, and you should decide to use one on 
a case-by-case basis.  
  

I described in some more detail what I was thinking about in my previous 
post to this list.



To answer your question, I think a feature like this would be very 
useful, because it would remove barriers for identifying packages with 
security issues.  For example, I don't update my gentoo system daily, 
but I would update it as often as necessary to keep it secure.  
Currently (to the best of my understanding) there is no easy way (e.g.: 
an /emerge/ option) to identify and update only the packages that have 
security fixes.  I would have to do some digging to find out what 
packages and evaluate each package separately.  So I think there would 
be value in separating security masking from other types. To summarize, 
I think this would accomplish the following:


1. Easily identify packages masked for security reasons.

2. Easily identified installed packages that have security issues/fixes 
available.

3. Option for /emerge/ to only update packages with security fixes

Thank you for consideration.
Aleksey

Regards,
Robert


  


--
Aleksey V. Lazar
Website Development
Memorial Library 3010
Minnesota State University
Mankato, MN 56001
http://www.mnsu.edu/
Tel.: 1-507-389-2480























					Reply via email to