Hello, Robert:
Robert Buchholz wrote:
> On Monday 21 July 2008, Aleksey V Lazar wrote:
>
>> Hello. Would it be reasonable to suggest adding a ~security (or
>> something like it) flag to denote packages masked for security
>> reasons?
>>
>
> Hi Aleksey,
>
> since entries package.mask only contain free text description as an
> additional information, such a feature would require the package
> manager to decide which entries are security maskings, and which are
> feature maskings. While that could be done using
> restrictions/conventions within the text, I am sure our package manager
> developers would disagree with such a design. A "package.security.mask"
> file might be more appropriate for that.
>
Are you saying that security mask entries would go into the
package.security.mask and feature/other to package.mask? I think this
would make sense.
> My question now is, why would you want such a thing? Masked packages all
> have different reasons to be there, and you should decide to use one on
> a case-by-case basis.
>
I described in some more detail what I was thinking about in my previous
post to this list.
To answer your question, I think a feature like this would be very
useful, because it would remove barriers for identifying packages with
security issues. For example, I don't update my gentoo system daily,
but I would update it as often as necessary to keep it secure.
Currently (to the best of my understanding) there is no easy way (e.g.:
an /emerge/ option) to identify and update only the packages that have
security fixes. I would have to do some digging to find out what
packages and evaluate each package separately. So I think there would
be value in separating security masking from other types. To summarize,
I think this would accomplish the following:
1. Easily identify packages masked for security reasons.
2. Easily identified installed packages that have security issues/fixes
available.
3. Option for /emerge/ to only update packages with security fixes
Thank you for consideration.
Aleksey
> Regards,
> Robert
>
>
--
Aleksey V. Lazar
Website Development
Memorial Library 3010
Minnesota State University
Mankato, MN 56001
http://www.mnsu.edu/ Tel.: 1-507-389-2480