OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: [suse-security] Suggestion to the SuSE security people
From: Bo Jacobsen (bjcimage.dk)
Date: Wed Oct 04 2000 - 03:55:02 CDT

Hi there,
I have a suggestion to you security guys, that could make life a lot easier for a lot of us out here,
and at the same time really make the SuSE security update feature shine, compared to the other
linux distributions.

I have noticed that since 24/9-00 six updates to SuSE 7.0 has been posted on your security site.
At this rate it could turn out to be a very time consuming job having to update Linux all the time.

To make this a much easier task, I suggest that you, on top of the usual downloadable update files,
make available a gzip file containing all the updates relevant to your latest distribution (7.0 at this
moment).
Every time a new update is posted you also post a new gzip file that includes all earlier updates
AND the new one. This file could be called SU1, SU2... SUn. (SU = Security Update).

The gzip file should, besides the .rpm files, include a shell script that could automate all the updates.
The script could maybe do something like this:

    for (first_update to last_update present in the gzip file) do {
        if (module or program that the updated relates to is installed on the target system) {
            do_update = false
            if (this update is older then the one installed)
                do_update = ask_user_if_ok_to_update ()
            else if (module has not been updated) {
                if (running update will overwrite config file(s) that the user/system may have edited) {
                    if (do_update = ask_user_if_ok_to_update ())
                        make copy (.bak) of config file(s)
                }
            }
            if (do_update)
                run the rmp update
        } else
            do_nothing
    }

A procedure like this could really make a difference. Updating could now be almost totally automated,
and if SuSE would post an e-mail to this forum when a new update is released, I'm sure a lot of
SuSE installations would be updated much more frequently then is the case today. I for one would
update our systems a lot more frequently.

Lets also say that you put a subject string like "Announce: SuSE security update SU05 is released ...."
in the e-mail, and in the Message body a link to the newest update file. Users could then make a filter
in their e-mail client that would redirect all mail coming from SuSE containing this subject string, to
a high priority mailbox. When the user opens the mail, he just clicks on the link and this baby would
rock'n role.

Of cause I could write the script my self, but that would not make the downloading easier at all, and
here I see a opportunity for SuSE, with very little effort, to really make thinks much more "user friendly".

Thanks in advance
Bo Jacobsen bjcimage.dk

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com