[olug] hint: debian apt, upgrade mixed software

Nate Rotschafer writetogenius at hotmail.com
Mon Jun 24 01:16:28 UTC 2002


MD5 hashes have been implemented for at least 6 months...PGP is required to 
get get a package into the upstream system...thus both methods are currently 
being used...soon PGP will sign all packages for the client machine...so 
they have taken steps to solve the problem and will continue to improve...

Nate


>From: "VincentR" <vincentr at cox.net>
>Reply-To: olug at olug.org
>To: <olug at olug.org>
>Subject: Re: [olug] hint: debian apt, upgrade mixed software
>Date: Sun, 23 Jun 2002 20:14:47 -0500
>
>Have they figured out a way to keep disgruntled admins from replacing 
>debian
>packages with trojans yet?
>
>I know someone said they were working on adding MD5 checksums and possibly
>PGP signature capabilities, but I never heard much more about it...
>
>
>----- Original Message -----
>From: "Brian Wiese" <bwiese at cotse.com>
>To: <olug at olug.org>
>Sent: Sunday, June 23, 2002 4:30 PM
>Subject: [olug] hint: debian apt, upgrade mixed software
>
>
> > Just thought I'd share something that I finally figured out with debian
> > apt, and have been wanting to do for quite a while... install packages 
>in
> > debian from different distributions (stable/testing/unstable) while
> > maintaining the rest of my system.
> >
> > The first time I tried to do this, I edited my /etc/apt/soruces.list to
> > have unstable sources, instead testing (which I am/was running)... did 
>an
> > apt-get install pkgname and I think it screwed up my entire system,
> > upgrading me to unstable or something.
> >
> > So, I finally found the APT-Howto:
> > http://www.debian.org/doc/manuals/apt-howto/index.en.html#contents
> >
> > and how to manage packages of different distros.  So, to upgrade my
> > current Apache to the latest 1.3.26 version to fix the much disputed
> > (http://online.securityfocus.com/news/493) chunk handling vulnerability
> > (http://www.cert.org/advisories/CA-2002-17.html) I guess the following
> > simple line worked!!:
> >
> > root at host:/# apt-get -u -t unstable install apache
> >
> > So that does the upgrade and the -t option lets you select the distro to
> > choose from, though you must have the proper apt sources for the 
>unstable
> > package.
> >
> > other common commands:
> >
> > dpkg -l <pkgname> = returns info about installed package <pkgname>
> > apt-show-versions -p <pkgname>  = see what versions of the package are
> > avail
> >
> > hope this helps someone else, and upgrade those apache installs! =(
> >
> >   Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
> > ------------------------------------------------------
> >   GnuPG/PGP key 0x1E820A73 | "FREEDOM!" - Braveheart
> >
> > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> >
> > For help contact olug-help at olug.org - run by ezmlm
> > to unsubscribe, send mail to olug-unsubscribe at olug.org
> > or `mail olug-unsubscribe at olug.org < /dev/null`
> > (c)1998-2002 OLUG http://www.olug.org
> >
> > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> >
>
>
>-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>
>For help contact olug-help at olug.org - run by ezmlm
>to unsubscribe, send mail to olug-unsubscribe at olug.org
>or `mail olug-unsubscribe at olug.org < /dev/null`
>(c)1998-2002 OLUG http://www.olug.org
>
>-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_


_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at olug.org - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at olug.org
or `mail olug-unsubscribe at olug.org < /dev/null`
(c)1998-2002 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_




More information about the OLUG mailing list