ubunyu 9.0 updates

Sat Jun 20 06:59:59 UTC 2009

> Message: 6
> Date: Fri, 19 Jun 2009 22:22:34 -0400
> From: David Curtis <dcurtis at uniserve.com>
> Subject: 
> To: ubuntu-users at lists.ubuntu.com
> Message-ID: <20090619222234.fc356ec8.dcurtis at uniserve.com>
> Content-Type: text/plain; charset=US-ASCII
> 
> On Fri, 19 Jun 2009 16:39:12 -0400
> "H.S." <hs.samix at gmail.com> wrote:
> 
>> David Curtis wrote:
>> > I disagree with the virus issue the others pointed out, as successful
>> > dns poisoning or other sophisticated attacks (on official repos) would
>> > necessarily be a cryptographic attack. I would doubt this would be
>> > noticed even by an expert doing a manual update/upgrade. This is
>> > because
>> > apt rejects packages with bad crypto if you ended up
updating/upgrading
>> > from a bad/compromised archive. If an attack like this was successful
>> > (highly doubtful) whether we're automatically updating or manually
>> > updating, let's just say we're all screwed. :(
>> > 
>> > I do agree that if your using unofficial repos that, yes, you
>> > definitely want to keep an eye > > on them and investigate and approve
>> > them one by one. But that can be configured within the
>> > apt upgrade system.
>> > 
>> > The biggest problem with automating updates/upgrades is that you tell
>> > apt to assume 'yes' for > > all questions it may ask. Once in a blue
>> > moon an upgrade will replace a configuration file.
>> > If you've manually edited a configuration file and apt assumes 'yes'
>> > and replaces it with the > > new default configuration file, things
can
>> > break. Say, for example, we're talking about grub > > and a
>> > /boot/grub/menu.lst. If you've manually edited to include paramaters
on
>> > the boot line
>> > and the file is automatically overwritten, conceivably, you could end
>> > up with a non-bootable > > system.
>> > 
>> 
>> Completely agree with the above three points of yours. The last one is
>> actually the most insightful and perhaps the most important.
>> 
>> BTW, is something the matter with line breaks in the application you are
>> using to post here? Each of your paras is one long line in my reader :(
>> 
>> Regards.
> 
> You got me there. I'm using plain old sylpheed (2.6.0). In using
sylpheed,
> I treat it like a word processor, don't hit enter until I end a
paragraph.
> Just googled 'sylpheed line breaks' and does seem to be some missives on
> line breaks and auto-wrap, bugs and so forth, I will investigate. If
anyone
> else sees this, I can change over to claws (or something else) fairly
> easily.
> 
> Doing a bit more research into Unattended-upgrades, I must admit I just
> can't find documentation for apt besides the basic Ubuntu and Debian
> howtos. If anyone can point me to good apt docs in regards to
> /etc/apt/apt.conf.d and it's requisite files, I'm all ears.

Actually there is a way to fully automate the updating of packages.

cron-apt.

Try 'apt-cache show cron-apt'.

However there are all sorts of caveats about trusting the source of the
packages. I think the default setting is just to download the packages. I
run it on a Debian box but not on my Ubuntu machines so I don't how well it
plays with Update Manager.

Mark.