ubunyu 9.0 updates
hs.samix at gmail.com
Fri Jun 19 20:39:12 UTC 2009
David Curtis wrote:
> I disagree with the virus issue the others pointed out, as successful
dns poisoning or other sophisticated attacks (on official repos) would
necessarily be a cryptographic attack. I would doubt this would be
noticed even by an expert doing a manual update/upgrade. This is because
apt rejects packages with bad crypto if you ended up updating/upgrading
from a bad/compromised archive. If an attack like this was successful
(highly doubtful) whether we're automatically updating or manually
updating, let's just say we're all screwed. :(
> I do agree that if your using unofficial repos that, yes, you definitely want to keep an eye on them and investigate and approve them one by one. But that can be configured within the apt upgrade system.
> The biggest problem with automating updates/upgrades is that you tell apt to assume 'yes' for all questions it may ask. Once in a blue moon an upgrade will replace a configuration file. If you've manually edited a configuration file and apt assumes 'yes' and replaces it with the new default configuration file, things can break. Say, for example, we're talking about grub and a /boot/grub/menu.lst. If you've manually edited to include paramaters on the boot line and the file is automatically overwritten, conceivably, you could end up with a non-bootable system.
Completely agree with the above three points of yours. The last one is
actually the most insightful and perhaps the most important.
BTW, is something the matter with line breaks in the application you are
using to post here? Each of your paras is one long line in my reader :(
Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.
More information about the ubuntu-users