Conservative package update #10

Closed
chris-rock opened this Issue May 10, 2014 · 1 comment

chris-rock commented May 10, 2014

We should separate package updates from hardening. The current version updates the dependencies for apt by using and upgrades the system on RHEL.

The behavior for apt and yum is slightly different and should be harmonized. I propose we do not do a yum update because this would lead to package upgrades in production environments that we may not want.

  • make package upgrades optional
  • stick to a specific version of apt to ensure the same behavior
  • always update dependencies e.g. apt-get update
  • a default rerun should not update packages
chris-rock commented May 13, 2014

Fixed by #12
We do not fix the package versions in metadata until we get to know a specific issue.

@chris-rock chris-rock closed this May 13, 2014

rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this issue Sep 16, 2016
