[WBEL-users] Preparing Security Updates

Johnny Hughes mailing-lists@hughesjr.com
Tue, 14 Sep 2004 06:09:47 -0500 

On Tue, 2004-09-14 at 04:15, Klaus list wrote:
> > Klaus list wrote:
> > > Hi all,
> > > 
> > > About using other RH's clones RPMS I have a question:
> > > 
> > > Is it possible to upgrade with these RPMS with for example yum. Or do I
> > have
> > > to download and install the RPMS by hand?
> > 
> > Lineox supports yum and apt-get, Tao only yum and I believe CentOS too. 
> > Lineox doesn't have yum support for x86_64 yet, but will soon. The 
> > reason Lineox prefers apt-get is graphical front end, synaptic.
> 
> Thanks for the info.
> 
> > > Does anyone have a config file?
> > 
> > Look at the distro sites. Tao has yum-conf rpm if you don't find the 
> > info on web pages.
> 
> Thats what I did:
> 
> Deinstall yum-package from whitebox linux (necessary?). Install yum,
> tao-yum-config RPMS und import the tao PGP key.
> 
> yum update
> 
> thats it. Everything looks pretty ok. Can I get trouble with this
> configuration?
> 
> Klaus

Mixing and matching can cause problems, so I would pick one of the
distros (WhiteBox, CentOS, TaoLinux, Lineox, etc.) and stick with it.

If you want to use exclusively TaoLinux, I would look for any packages
that have either whitebox, WB, or WBEL in them and download and install
the TaoLinux equivalent.  If you are only doing this for the updates,
but want to maintain WBEL as your distro, just track the packages you
upgrade and install the WBEL packages once they come out.

There is really not much difference between the 3 Free major RHEL clones
(TaoLinux, WBEL, CentOS), so choose the best one for your needs.  Lineox
is not free, but seems to get the updates a little faster.  Personally,
I used to use WBEL exclusively ... and I still recommend it.  However,
CentOS seems to have more (and faster) mirrors and seems to get updates
out more quickly (but only supports x86), so it is also a good choice
for x86.  TaoLinux supports the most architectures.  In reality, either
distro is usable.  

Personally, I would just pick one and stick with it.

----------------------------
There was a post earlier that stated that the last update for WhiteBox
was:

Ethereal Update from 2004-08-05

I just want to state for the record that there have been updates to WBEL
since 8/5/2004 ... including:

gcc on 8/6
gnome-vfs2 on 8/6
libpng on 8/6 and 8/19
mozilla on 8/19
qt on 8/25
postgresql on 8/6

That was a just at a glance in the i386 updates directory...

Basically, the updates missing are the Update3 stuff from RedHat.  

Personally, If I was John Morris, I would take the CentOS approach
(which is to do the RHSA (security) items first, then do the RHBA and
RHEA items and create the respin) ... but doing all of them at the same
time is also a valid method.  Only these are security updates:

2004-09-07 RHSA-2004:400
Updated gaim package fixes security issues

2004-09-01 RHSA-2004:323
An updated lha package fixes security vulnerability

2004-09-01 RHSA-2004:349
Updated httpd packages fix mod_ssl security flaw

2004-09-01 RHSA-2004:436
Updated rsync package fixes security issue

2004-08-31 RHSA-2004:350
Updated krb5 packages fix security issues

The rest are bug fixes or enhancements.
-----------------

Johnny Hughes
<http://www.hughesjr.com/>