tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: $fetch_pkg_vulnerabilities warning from /etc/daily

    Date:        Wed, 12 Jun 2013 08:59:07 -0700
    From:        "Erik E. Fair" <>
    Message-ID:  <>

  | daily.conf(5) doesn't say what to set it to (not every variable is YES
  | or NO).

But daily.conf(5) does say ...

        Check the /etc/defaults/daily.conf file if you are in doubt.

and that one contains ...

fetch_pkg_vulnerabilities="" # set to NO to disable and not be warned about

which all taken together seems reasonably comprehensive to me.
(though I guess you need to assume that YES is another possible setting).

Greg Troxel <> said:
 | I'd say this is a bug; there should be a (quiet) default in almost all cases,
 | and only in the most extreme situations should we bother a human. 

I'd generally agree, except perhaps for the "most extreme" part - but this
is a case where it is hard to decide what the default should be.  If set to
YES, the system will make (by default) unrequested (by the admin) forays
into the network fetching (or attempting to fetch) a file that perhaps no-one
wanted (which is evil behaviour) and if set to NO, then no vulnerability
checking gets done (by default) and nor would anyone be wanred that nothing
is getting checked (which is also not nice).

This one is, I think, one of those cases where the admin ought to be
bothered by the warning in the daily mail until they decide which way
their system should be configured.


Home | Main Index | Thread Index | Old Index