FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 12-11-2007, 09:40 PM
"Amos Shapira"
 
Default "yum --security" and staying with 5.0

Hello,

So I've watched a few threads about the new 5.0 vs. 5.1 upgrade and
have a couple of (hopefully) practical questions about this:

Context - I'd like to stick to 5.0 at least for a while until the dust
around 5.1 settles down (and I'm back from holidays).
As an example - In Debian, as long as I stick to "stable" I can be
sure that the only updates I receive there are for heavily tested very
important bugs and security issues, so I should generally apply them.

1. If I read the FAQ correctly, in order to force yum to stay with 5.0
should I just manually edit /etc/redhat-release from:

CentOS release 5 (Final)

to:

CentOS release 5.0 (Final)

(i.e. add ".0" to the version)? If not then what should I do?

2. I am hoping that yum-security will allow me to stick to the latest
security updates for 5.0 without forcing me to upgrade to 5.1 until
the dust settles down. Am I correct that this is possible with
yum-security and the repositories provided by CentOS? Will "yum update
--security" update packages with later versions only if those versions
fix security issues? Are security updates maintained for 5.0? Here is
what I get right now on one of my systems (without doing the change I
asked about in (1)):

# yum --security list updates
Loading "security" plugin
Loading "installonlyn" plugin
Setting up repositories
base 100% |=========================| 1.1 kB 00:00
updates 100% |=========================| 951 B 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Limiting package lists to security relevant ones
No packages needed, for security, 196 available

If I drop the "--security" flag I indeed get a list of196 packages to upgrade.

So to clarify my question - is my system secure (in terms of package
versions) by sticking to "yum update --security"?

Thanks,

--Amos
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-11-2007, 09:55 PM
Karanbir Singh
 
Default "yum --security" and staying with 5.0

Amos Shapira wrote:
> Context - I'd like to stick to 5.0 at least for a while until the dust
> around 5.1 settles down (and I'm back from holidays).

ok, so what do you mean by sticking to 5.0 ? you mean you dont want any
updates at all for those machines, even if they might be security issues ?

> As an example - In Debian, as long as I stick to "stable" I can be
> sure that the only updates I receive there are for heavily tested very
> important bugs and security issues, so I should generally apply them.

CentOS does not follow the debian release model.

> 1. If I read the FAQ correctly, in order to force yum to stay with 5.0
> should I just manually edit /etc/redhat-release from:
>
> CentOS release 5 (Final)
> to:
> CentOS release 5.0 (Final)

no, there is no such mention abut anything in the FAQ or anywhere else
that I can find. What made you believe that changing stuff in that text
file will change the repo's your machine is looking at ?

> 2. I am hoping that yum-security will allow me to stick to the latest
> security updates for 5.0 without forcing me to upgrade to 5.1 until

read the release notes about yum-security


--
Karanbir Singh : http://www.karan.org/ : 2522219@icq
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 03:22 AM
David Goldsmith
 
Default "yum --security" and staying with 5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Karanbir Singh wrote:
> Amos Shapira wrote:
>> 1. If I read the FAQ correctly, in order to force yum to stay with 5.0
>> should I just manually edit /etc/redhat-release from:
>>
>> CentOS release 5 (Final)
>> to:
>> CentOS release 5.0 (Final)
>
> no, there is no such mention abut anything in the FAQ or anywhere else
> that I can find. What made you believe that changing stuff in that text
> file will change the repo's your machine is looking at ?

Possibly this: http://wiki.centos.org/FAQ/CentOS5#q8

- --
David Goldsmith, SANS NOC
SANS Institute (www.sans.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHX2Hs417vU8/9QfkRAs/RAJ97SpViDVo5glViEQgFnOcEyyGnIACfVOk7
YlZdsWY+q0l4DNCY47LKc1A=
=YRNh
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 03:31 AM
"Amos Shapira"
 
Default "yum --security" and staying with 5.0

On 12/12/2007, David Goldsmith <dgoldsmith@sans.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Karanbir Singh wrote:
> > Amos Shapira wrote:
> >> 1. If I read the FAQ correctly, in order to force yum to stay with 5.0
> >> should I just manually edit /etc/redhat-release from:
> >>
> >> CentOS release 5 (Final)
> >> to:
> >> CentOS release 5.0 (Final)
> >
> > no, there is no such mention abut anything in the FAQ or anywhere else
> > that I can find. What made you believe that changing stuff in that text
> > file will change the repo's your machine is looking at ?
>
> Possibly this: http://wiki.centos.org/FAQ/CentOS5#q8

Yes, exactly - the text there explains how to find out on which branch
you are, but not about how to tell CentOS on which branch you want to
be.

Is there such a thing or is 5.0 abandoned as soon as 5.1 is out and I
practically MUST upgrade to 5.1 to stay secure?

Thanks,

--Amos
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 03:39 AM
"Amos Shapira"
 
Default "yum --security" and staying with 5.0

On 12/12/2007, Karanbir Singh <mail-lists@karan.org> wrote:
> Amos Shapira wrote:
> > Context - I'd like to stick to 5.0 at least for a while until the dust
> > around 5.1 settles down (and I'm back from holidays).
>
> ok, so what do you mean by sticking to 5.0 ? you mean you dont want any
> updates at all for those machines, even if they might be security issues ?

(I also replied to David's message)

No. I'm trying to understand where does 5.0 stand now that 5.1 is out
- should I abandon 5.0 and upgrade to 5.1 if I want to stick to
secure, stable releases or is 5.0 going to be maintained in parallel
to 5.0 for security issues?

>From your response so far I suspect that it's the former (must upgrade to 5.1).

>
> > As an example - In Debian, as long as I stick to "stable" I can be
> > sure that the only updates I receive there are for heavily tested very
> > important bugs and security issues, so I should generally apply them.
>
> CentOS does not follow the debian release model.

This idea is beginning to sink in :^).

I just though that RHEL/CentOS is all about providing rock-solid,
tested stable releases but there are some noises on the net that the
new release might be giving early adopters some rough time.

>
> > 1. If I read the FAQ correctly, in order to force yum to stay with 5.0
> > should I just manually edit /etc/redhat-release from:
> >
> > CentOS release 5 (Final)
> > to:
> > CentOS release 5.0 (Final)
>
> no, there is no such mention abut anything in the FAQ or anywhere else
> that I can find. What made you believe that changing stuff in that text
> file will change the repo's your machine is looking at ?

It doesn't explicitly say so but as David pointed out,
http://wiki.centos.org/FAQ/CentOS5#q8 talks about the content of this
file as a way to know where the system thinks it belongs to now.

I now noticed the last sentence saying "you are in the update release
stream for the 5.1 series and you will not move to a newer release
without making changes to the yum config.". What kind of changes does
this refer to? Overriding the $releasever in the repository URL's to
hard-coded "5.0" or what?

Thanks,

--Amos
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 03:54 AM
Clint Dilks
 
Default "yum --security" and staying with 5.0

Amos Shapira wrote:

On 12/12/2007, Karanbir Singh <mail-lists@karan.org> wrote:


Amos Shapira wrote:


Context - I'd like to stick to 5.0 at least for a while until the dust
around 5.1 settles down (and I'm back from holidays).


ok, so what do you mean by sticking to 5.0 ? you mean you dont want any
updates at all for those machines, even if they might be security issues ?



(I also replied to David's message)

No. I'm trying to understand where does 5.0 stand now that 5.1 is out
- should I abandon 5.0 and upgrade to 5.1 if I want to stick to
secure, stable releases or is 5.0 going to be maintained in parallel
to 5.0 for security issues?

>From your response so far I suspect that it's the former (must upgrade to 5.1).



As an example - In Debian, as long as I stick to "stable" I can be
sure that the only updates I receive there are for heavily tested very
important bugs and security issues, so I should generally apply them.


CentOS does not follow the debian release model.



This idea is beginning to sink in :^).

I just though that RHEL/CentOS is all about providing rock-solid,
tested stable releases but there are some noises on the net that the
new release might be giving early adopters some rough time.



1. If I read the FAQ correctly, in order to force yum to stay with 5.0
should I just manually edit /etc/redhat-release from:

CentOS release 5 (Final)
to:
CentOS release 5.0 (Final)


no, there is no such mention abut anything in the FAQ or anywhere else
that I can find. What made you believe that changing stuff in that text
file will change the repo's your machine is looking at ?



It doesn't explicitly say so but as David pointed out,
http://wiki.centos.org/FAQ/CentOS5#q8 talks about the content of this
file as a way to know where the system thinks it belongs to now.

I now noticed the last sentence saying "you are in the update release
stream for the 5.1 series and you will not move to a newer release
without making changes to the yum config.". What kind of changes does
this refer to? Overriding the $releasever in the repository URL's to
hard-coded "5.0" or what?

Thanks,

--Amos
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



Hi Amos

My understanding is that unless you choose not to update your system at
all you can not freeze on a point release. So install from any 5.*
media and when you update you will go to the latest point release.


What I would suggest if you are really worried about this is to
configure /etc/yum.conf with a keepcache higher than 1 so that if an
update is done you can roll back the rpm


I hope this helps
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 04:06 AM
"Amos Shapira"
 
Default "yum --security" and staying with 5.0

On 12/12/2007, Clint Dilks <clintd@scms.waikato.ac.nz> wrote:
> Hi Amos
>
> My understanding is that unless you choose not to update your system at
> all you can not freeze on a point release. So install from any 5.*
> media and when you update you will go to the latest point release.
>
> What I would suggest if you are really worried about this is to
> configure /etc/yum.conf with a keepcache higher than 1 so that if an
> update is done you can roll back the rpm
>
> I hope this helps

Hi Clint,

Thanks for your reply. That answers my question.

I'll just try to avoid updates for now.

Cheers,

--Amos
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 12:11 PM
Ralph Angenendt
 
Default "yum --security" and staying with 5.0

Amos Shapira wrote:
> Is there such a thing or is 5.0 abandoned as soon as 5.1 is out and I
> practically MUST upgrade to 5.1 to stay secure?

Basically: Yes.

5.1 is the *first* iso respin of CentOS 5 (5.0 being the first iso
spin). This contains some feature updates. At the moment (and it has
been like that for *all* CentOS releases this far) 5.1 is the *only*
CentOS 5 which exists. CentOS 5.0 *does not* exist anymore. CentOS 5.0
does *NOT* get *ANY* updates.

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 12:13 PM
Ralph Angenendt
 
Default "yum --security" and staying with 5.0

Amos Shapira wrote:
> I'll just try to avoid updates for now.

Why? It is *highly* unlikely that 5.1 will break *anything* for you. I
mean: Those are still the *SAME* software versions as in 5.0. And those
are the same software versions which will be in CentOS 5.5. Or 5.7.

You will *NOT* get any security updates that way, you are leaving your
machines vulnerable - and that for *NO* reason.

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 12:19 PM
Karanbir Singh
 
Default "yum --security" and staying with 5.0

David Goldsmith wrote:


no, there is no such mention abut anything in the FAQ or anywhere else
that I can find. What made you believe that changing stuff in that text
file will change the repo's your machine is looking at ?


Possibly this: http://wiki.centos.org/FAQ/CentOS5#q8


I read it again, and I still dont see how you might infer that changing
the string in redhat-release is going to change your repo interface.




--
Karanbir Singh : http://www.karan.org/ : 2522219@icq
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 09:32 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org