Author: Adam Borowski Date: To: dng Subject: Re: [DNG] OT: Patching De*an based systems at scale
On Thu, Oct 26, 2017 at 11:12:08AM -0500, dev wrote: > Hi All,
> I'd like to have a discussion about how to scale patch management on
> De*an based systems. > Is there a better way to get information about patch fixes other than
> digging up the Changelogs from a web browser?
You're not insane enough to run an unreleased version on a production
server, right? If so, every single update is accompanied by a DSA mail
(subscribe to debian-security-announce@???) or a point release
(debian-announce). As you specified "De*an", these apply to both
distributions matching this wildcard: if *=bi, to every package, if *=vu,
ones with a systemd dependency might face a slight delay (but less than 0.1%
of packages have such dependency).
Both DSA and point releases do list everything that has changed in packages
being updated.
You may additionally install apt-listchanges and configure it to show
changelogs, that will fetch relevant (and only those!) changelog entries of
packages you're about to install.
On a system running testing or unstable, apt-listchanges is the only way.
Meow!
--
⢀⣴⠾⠻⢶⣦⠀ Laws we want back: Poland, Dz.U. 1921 nr.30 poz.177 (also Dz.U.
⣾⠁⢰⠒⠀⣿⡁ 1920 nr.11 poz.61): Art.2: An official, guilty of accepting a gift
⢿⡄⠘⠷⠚⠋⠀ or another material benefit, or a promise thereof, [in matters
⠈⠳⣄⠀⠀⠀⠀ relevant to duties], shall be punished by death by shooting.