Announce: Check_Yum for RedHat/CentOS serverpackagealerts

Hari Sekhon hpsekhon at googlemail.com
Thu May 1 15:11:10 CEST 2008

Previous message: Announce: Check_Yum for RedHat/CentOS serverpackagealerts
Next message: Announce: Check_Yum for RedHat/CentOS serverpackagealerts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tom Brown wrote:
>> Did you add yum manually to RHEL 4 and if so, what implications are 
>> there for updates then, is there any official repo for that, or only 
>> 3rd party. If 3rd party, do they support security information support 
>> for yum? Otherwise you'd have to use --all-updates or 
>> --warn-on-any-update and keep the whole system up to date if you 
>> cannot differentiate between security and normal updates.
>
> yum was built by us to provide a way to deploy rpm's to machines 
> easily from custom repo's etc - if we need to update we update from 
> yum using local repo's mirrored from upstream.
>
It's not clear though whether or not the 3rd party repos support 
security package information like yum provides on RHEL 5.

You may want to just do a generic --all-updates to return critical for 
any available update or just --warn-on-any-update to still try to 
differentiate but warn on non-security packages and upgrade any 
available packages?

I've not managed to get a straight answer out of anyone on how 3rd party 
repos affect the security of a system with regards to managed security 
updates. The usual evasive answer is that Redhat only provide support 
for their limited official repository, but where does this leave people 
who use all these 3rd party repos to make up for the deficiency of the 
official repo? This is why I prefer Gentoo and Debian's more 
comprehensive official repositories that are managed better and have 
security updates.

If anyone knows more about 3rd party repository and security updates 
this I'd love to hear it as I hate the idea of getting security updates 
for only a subset of the total installed packages (hence why 
--warn-on-any-update may be useful to try to get around this)

-h

-- 
Hari Sekhon

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Announce: Check_Yum for RedHat/CentOS serverpackagealerts
Next message: Announce: Check_Yum for RedHat/CentOS serverpackagealerts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list