Unattended updates

John Richard Moser nigelenki at comcast.net
Fri Jun 30 16:47:37 BST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Ivan Krstic wrote:
> David Nielsen wrote:
>> That being said if the system starts doing underhanded automatic
>> installs I would think that if the user has 3rd party repos in his
>> sources.list we would be subject to some nasty spoofing attacks 
> 
> I'm not sure what it'll take to have people stop talking about this as
> if it were to be written sometime in the future. This exists, it's
> written already, and it's in Dapper. It's also resistant to the kind of
> attack David proposes, since it requires explicit specification of
> (origin, archive) tuples for which unattended upgrades are allowed:
> 
> krstic at aeryn:~> cat /etc/apt/apt.conf.d/50unattended-upgrades
> // allowed (origin, archive) pairs
> Unattended-Upgrade::Allowed-Origins {
>         "Ubuntu dapper-security";
> //      "Ubuntu dapper-updates";
> };
> 

Great, now all we need are "Repositories" in Synaptic to offer a
checkbox for "Automatic Updates from this repository".

TBH unless the thing comes back like "HOLYSH- UBUNTU KEY LOOKS NOT LIKE
MY COPY" I'll just mindlessly click through it.  That should be safe as
long as you keep your private keys a secret to everyone.

> // never update the packages in this list
> Unattended-Upgrade::Package-Blacklist {
> //      "vim";
> };
> 

"Never AUtomatically Update This Package" in right-click menu... and a
"no automatic updates" list in the "Status" tab.

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

    Creative brains are a valuable, limited resource. They shouldn't be
    wasted on re-inventing the wheel when there are so many fascinating
    new problems waiting out there.
                                                 -- Eric Steven Raymond

    We will enslave their women, eat their children and rape their
    cattle!
                  -- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRKVHmAs1xW0HCTEFAQJUQw//fMg4Wkb3tJPV5XEn9jZR3/DFE+lP0fh9
uSfoTzE0n/A27ZLr1qDu0a220U4h0aGw57Rrvx+yewvfBSUNUzar44GeJXzDfn7W
2g0ABFxtgiRy5AVJUGUfPbxrXpfdEU0v9gNMDoSLP3Y2cFaFaWdgzKLzypafgtLt
vDkILFOGUvjMrbp2aZB2FTDnSCRuoRW/qfq7d9IJCZI7D92ILr3LZxy2Rlo5MCBI
uJPravXqQ3eaDv1LQzI8NS0xI90f0W/rzKXzvzkKf4TvhnXrzBaYWA1zMmY+q0TH
u3gP0KT1snv4P8TL8qte63rLG9tNdCdnATlRU5Xg7CJBgxXVjqPJ0n8L7+s4f9Uc
1Q4h++XEJzUjWcfjG+sb51E0MSEKY0PblId07NU+e2qWW8h2BZMoZdkavHz7bAN/
obWZ41ibz2lg5l/H8Wx9hFnl6SUT3KtwDCLJ/nGvi5qAWtbxnv4XYJDSh6QbBkec
gEGbVJ9JCjkHlZaTubBMOEp3yNaFIviLvKlrrqTSRt/JnCGWUHDyqljxw3rOxH4c
UGmPbV9V/LUOZm81+QDRZD1qa69FHqjcqeAlEL+VWEnVzsXuxsT2UGz04BkCJa5H
RP8CW1Asvs+nQqyIu4o2m4Lofm9q6X+Lkabx3OFcWxAfSloe9np1xrWfWlYtM6AQ
fUEUAJG5Njc=
=yJoo
-----END PGP SIGNATURE-----

More information about the ubuntu-devel mailing list