downloading fc7 updates manually?

[John Summerfield]

Dave Burns wrote:
> This would not help me, because the machine that has access to the net
> and the yum repos is not the machine that is out of date. I don't want
> to expose the out-of-date machine to the net until it has been updated
> (feeling paranoid). I guess I should dredge around on the yum site to
> figure out how to diff the fc7 original rpms and the current rpms.
> Dave


It would help. The machine needing the updates needs a list of what's 
available (new metadata) to produce a list of what it needs.

You can actually download on any machine, one running FreeBSD, OS X or 
even Windows.


fwiw the out-of-date machine is at no risk of attack by worm if it does 
not accept any connexions to any services: if you're not running your 
web server (for example), body can attack it.

If you can't stop some service, then configure it to not listen on a 
public address and/or configure a firewall to block it.

Preventing an attack by "invited" content - typically email and web 
access - is up to the clown at the keyboard. If you don't read email, 
and confine your web access to downloading and applying the updates, the 
risks are pretty tiny. If _I_ can't trust my IAP and the suppliers (and 
their mirrors) of my software, I best get off the 'net.


> 
> On 11/5/07, John Summerfield <debian at herakles.homelinux.org> wrote:
>> apt-get, on Debian, has the "--print-uris" switch just for this purpose.
>> It prints a list of URIs for the packages needed to bring _this_ box up
>> to date, then you can take that list to someplace else and shove into wget.
> 


-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

Please do not reply off-list