i see one available in the repos, but i don't recall seeing any announcement about it. from googling, it does seem to be real, but still a bit disconcerting to not have an announcement about it.
On 3/26/07, Joe Pruett joey@clean.q7.com wrote:
i see one available in the repos, but i don't recall seeing any announcement about it. from googling, it does seem to be real, but still a bit disconcerting to not have an announcement about it.
For which version of centos?
For centos4 there have been several tzdata update announcements, and the actual fix had been in place for a few months prior to the DST change.
Are you subscribed to the announcements list? You can check the archives here http://lists.centos.org/pipermail/centos-announce/
Jim Perrin spake the following on 3/26/2007 8:04 AM:
On 3/26/07, Joe Pruett joey@clean.q7.com wrote:
i see one available in the repos, but i don't recall seeing any announcement about it. from googling, it does seem to be real, but still a bit disconcerting to not have an announcement about it.
For which version of centos?
For centos4 there have been several tzdata update announcements, and the actual fix had been in place for a few months prior to the DST change.
Are you subscribed to the announcements list? You can check the archives here http://lists.centos.org/pipermail/centos-announce/
I think he is talking about tzdata-2007d-1.el4 that just came out. I didn't see an announcement either, and I don't see one in the archives.
On Mon, 26 Mar 2007 09:03:21 -0700, Scott Silva wrote:
Jim Perrin spake the following on 3/26/2007 8:04 AM:
On 3/26/07, Joe Pruett joey@clean.q7.com wrote:
i see one available in the repos, but i don't recall seeing any announcement about it. from googling, it does seem to be real, but still a bit disconcerting to not have an announcement about it.
For which version of centos?
For centos4 there have been several tzdata update announcements, and the actual fix had been in place for a few months prior to the DST change.
Are you subscribed to the announcements list? You can check the archives here http://lists.centos.org/pipermail/centos-announce/
I think he is talking about tzdata-2007d-1.el4 that just came out. I didn't see an announcement either, and I don't see one in the archives.
Is it this one in the upstream?
Is it this one in the upstream?
yes, that is the one. i was wondering if the announcement just was forgotten or if the updates wasn't really ready yet but slipped into the repos.
yes, that is the one. i was wondering if the announcement just was forgotten or if the updates wasn't really ready yet but slipped into the repos.
Given the focus on getting centos5 out the door, I'm betting the announcement was just overlooked.
Joe Pruett wrote:
Is it this one in the upstream?
yes, that is the one. i was wondering if the announcement just was forgotten or if the updates wasn't really ready yet but slipped into the repos.
Which would annoy you more? 1. Update sans announcement 2. Announcement sans update.
There will always be a timing issue, and I'd go with releasing the update, allowing mirrors to sync and then the announcement.
John Summerfield spake the following on 3/27/2007 5:28 PM:
Joe Pruett wrote:
Is it this one in the upstream?
yes, that is the one. i was wondering if the announcement just was forgotten or if the updates wasn't really ready yet but slipped into the repos.
Which would annoy you more?
- Update sans announcement
- Announcement sans update.
There will always be a timing issue, and I'd go with releasing the update, allowing mirrors to sync and then the announcement.
As long as the sysop doesn't depend on announcements to do updates, it shouldn't matter. You can always cron yum check-update, and read the cron mail.
Scott Silva wrote:
John Summerfield spake the following on 3/27/2007 5:28 PM:
Which would annoy you more?
- Update sans announcement
- Announcement sans update.
There will always be a timing issue, and I'd go with releasing the update, allowing mirrors to sync and then the announcement.
As long as the sysop doesn't depend on announcements to do updates, it shouldn't matter. You can always cron yum check-update, and read the cron mail.
As far as I can tell, RH does not announce all updates to RHEL4.
btw I just discovered my FC6 test system busily trying to update itself, without my consent.
My consent would certainly be withheld, there's no way I can track FC updates through a modem, especially with all the stuff I do want.
FC6 may well find itself replaced with Debian.
On Thu, Mar 29, 2007 at 09:51:38AM +0800, John Summerfield wrote:
As long as the sysop doesn't depend on announcements to do updates, it shouldn't matter. You can always cron yum check-update, and read the cron mail.
As far as I can tell, RH does not announce all updates to RHEL4.
Yeah, annoying. My guess is that it's to prevent updates like timezone data changes from getting counted as security bug fixes in statistics made by clueless analyst report firms.
btw I just discovered my FC6 test system busily trying to update itself, without my consent.
Yes, thank goodness. Updates are essential. There's two cases: informed, active sysadmin; vs. not paying attention.
With updates off by default, the informed sysadmin may or may not turn them on -- but they're the case which is most likely to apply security updates quickly when needed. The other case ends up with no updates. This issue affects the rest of us in the form of botnets and spam.
Updates automatically = if you don't like it, you can turn 'em off. If you don't care, you've got a minimal level of protection.
My consent would certainly be withheld, there's no way I can track FC updates through a modem, especially with all the stuff I do want. FC6 may well find itself replaced with Debian.
I think you'll find the current popular fanboy "ooh I'm going to leave threat distribution to be Ubuntu". Two years ago, Gentoo, but apparently that's passé now.
Matthew Miller wrote:
btw I just discovered my FC6 test system busily trying to update itself, without my consent.
Yes, thank goodness. Updates are essential. There's two cases: informed, active sysadmin; vs. not paying attention.
Bloody stupid. What is the volume of updates required to go from fresh install to fully up2date? About the size of the original install I suspect.
How long to download through my modem, through which I already download around a Gbyte/month?
It's even sillier when you consider this: [summer@bilby ~]$ du -sh /net/ns/var/local/mirrors/linux/Fedora/6/updates/i386/ 2.3G /net/ns/var/local/mirrors/linux/Fedora/6/updates/i386/ [summer@bilby ~]$
With updates off by default, the informed sysadmin may or may not turn them on -- but they're the case which is most likely to apply security updates quickly when needed. The other case ends up with no updates. This issue affects the rest of us in the form of botnets and spam.
Updates automatically = if you don't like it, you can turn 'em off. If you don't care, you've got a minimal level of protection.
It would be nice to be asked. You can't know my circumstances. Unavailabiltity of broadband within sight of the Perth CBD is an extremely sore point round here.
My consent would certainly be withheld, there's no way I can track FC updates through a modem, especially with all the stuff I do want. FC6 may well find itself replaced with Debian.
I think you'll find the current popular fanboy "ooh I'm going to leave threat distribution to be Ubuntu". Two years ago, Gentoo, but apparently that's passé now.
Que?
fwiw I run FC{5,6}, Kubuntu, OpenSUSE 10.2, Debian (several, arguably the most important is keeping the ungodly the right side of my modem).
FC6 would hav died a couple of hours ago, but I got a little fearful when Debian's proposed usage of the second drive is "FREE SPACE." I'd rather "untouched."
Joe Pruett wrote:
Is it this one in the upstream?
yes, that is the one. i was wondering if the announcement just was forgotten or if the updates wasn't really ready yet but slipped into the repos.
Which would annoy you more?
- Update sans announcement
- Announcement sans update.
There will always be a timing issue, and I'd go with releasing the update, allowing mirrors to sync and then the announcement.
i was actually more concerned about a rogue package getting slipped in somehow.
On Thu, 2007-03-29 at 11:01 -0700, Joe Pruett wrote:
Joe Pruett wrote:
Is it this one in the upstream?
yes, that is the one. i was wondering if the announcement just was forgotten or if the updates wasn't really ready yet but slipped into the repos.
Which would annoy you more?
- Update sans announcement
- Announcement sans update.
There will always be a timing issue, and I'd go with releasing the update, allowing mirrors to sync and then the announcement.
i was actually more concerned about a rogue package getting slipped in somehow.
That is why we sign packages ... if it has our key, it is good to go :P
The real issue was that RH initially released it for fastrack, then they moved it without announcement (it is a bug fix and not a security fix) into main updates for el3 ... we followed suit.
-
Akemi Yagi -
Jim Perrin -
Joe Pruett -
John Summerfield -
Johnny Hughes -
Matthew Miller -
Scott Silva