downloading fc7 updates manually?
John Summerfield
debian at herakles.homelinux.org
Mon Nov 5 23:31:30 UTC 2007
Dave Burns wrote:
> This would not help me, because the machine that has access to the net
> and the yum repos is not the machine that is out of date. I don't want
> to expose the out-of-date machine to the net until it has been updated
> (feeling paranoid). I guess I should dredge around on the yum site to
> figure out how to diff the fc7 original rpms and the current rpms.
> Dave
It would help. The machine needing the updates needs a list of what's
available (new metadata) to produce a list of what it needs.
You can actually download on any machine, one running FreeBSD, OS X or
even Windows.
fwiw the out-of-date machine is at no risk of attack by worm if it does
not accept any connexions to any services: if you're not running your
web server (for example), body can attack it.
If you can't stop some service, then configure it to not listen on a
public address and/or configure a firewall to block it.
Preventing an attack by "invited" content - typically email and web
access - is up to the clown at the keyboard. If you don't read email,
and confine your web access to downloading and applying the updates, the
risks are pretty tiny. If _I_ can't trust my IAP and the suppliers (and
their mirrors) of my software, I best get off the 'net.
>
> On 11/5/07, John Summerfield <debian at herakles.homelinux.org> wrote:
>> apt-get, on Debian, has the "--print-uris" switch just for this purpose.
>> It prints a list of URIs for the packages needed to bring _this_ box up
>> to date, then you can take that list to someplace else and shove into wget.
>
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
More information about the users
mailing list