RH up2date is a joke!!!!

Place to discuss Fedora and/or Red Hat
Post Reply
Ice9
guru
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium
Contact:

RH up2date is a joke!!!!

Post by Ice9 » Sat Apr 05, 2003 11:39 am

Their demo program is becoming more and more of a joke.
It's been 2 days now that there are some updates (no important ones, just eog, mutt and stuff like that) which are not available through apt-get yet and rhn demo-service is still disabled due to high load!!

I can understand that there IS a high server-load because RH9 just came out but hey, it's been like this every time an update is released.
Demo-service is always disabled for a couple of days before the updates become freely available.
C'mon, I can also understand that they give priority to paying customers for downloading the new iso's, but limiting access to updates?????

Edit: wow I suddenly got promoted from scripter to programmer!!!
Cool :D

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sat Apr 05, 2003 1:18 pm

I don't really understand the complaints. Actually the one specific to the "up2date" program I can't comment on since I have never used it or have any intentions of doing so. But as far as apt-get have you done an "apt-get update"? When I compare the Red Hat 9 updates ftp directory from the Red Hat 9 Errata page with what's in the FreshRPMS updates section I don't see a difference. Like I said before I don't believe apt is ever more than a day behind Red Hat because I believe it is all an automated process. Again, you have to do an "apt-get update" to update your list before apt and synaptic will recognize that there is new software in the repository.

I prefer to manually update critical servers because sometimes updating a software package requires a service restart or some customization of configuration files. For that I usually go directly to the errata. I can't afford to have a service unavailable because of an update problem. On non-critical machines I just add my "dist-upgrade" script to cron and let them update themselves. I get email from each machine daily with a report of the upgrade and weather there were any problems.

Ice9
guru
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium
Contact:

Post by Ice9 » Sat Apr 05, 2003 1:56 pm

Again, you have to do an "apt-get update" to update your list before apt and synaptic will recognize that there is new software in the repository.

Hitting the update button is usually the fi'rst thing I do when I launch synaptic, but now it's been like more than a week since there was an actual update to the lists.

It's no biggie though since I was thinking about installing a completely different distro.
I have the feeling that I ouwld learn the most by doing that, the problem-solving when I first installed RH8 (and even afterwards) is what taught me the most and right now I'm in a state of protectionism.
I have a (almost) perfectly running distro and I'm really reluctant to do anything that might compromise that, so if I moved to, say Debian testing, I would be forced to do the problem-solving thing again and I would be in a much steeper learning curve again.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sat Apr 05, 2003 3:15 pm

Yes, you surely learn by installing other distros. Debian is a good distro and I also use it.

Back to your apt-get. I don't understand what you mean by there hasn't been an update to the lists in over a week. We *are* talking about Red Hat 9 right? If so, what version of mutt does it say is available in synaptic? If it says "1.4.1-1" then your apt is working just as it should as mutt was just added to Red Hat's update server less than 2 days ago.

It's only going to update things that you have installed, and of course only if you click the "Upgrade" or "Dist-Upgrade" buttons. Maybe I'm missing something or still not understanding what you are referring to.

Ice9
guru
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium
Contact:

Post by Ice9 » Sat Apr 05, 2003 4:11 pm

no no no, I'm still using RH8.
This is why I asked in the other post if support for RH8 was more or less abandonned in favor of RH9.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sat Apr 05, 2003 4:30 pm

What does your /etc/apt/sources.list file look like? The RH8.0 apt repository on ayo.freshrpms.net and apt.freshrpms.net looks the same as the Red Hat 8.0 update server. The latest mutt for RH8 is mutt-1.4.1-0.8.x.i386.rpm which was placed on the Red Hat server less than two days ago. It is in both RH8 updates repositories that I know about. What version are you showing is available in Synaptic? If it's 1.4.1-0.8.x then I would say everything is working. What do you believe is missing?

Ice9
guru
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium
Contact:

Post by Ice9 » Sun Apr 06, 2003 12:14 am

I don't know if there's actually anything missing.
It''s just an impression, for the last week and 1/2 I updated synaptic like 12 times and not one single time has there been a change on the packages available.
The mutt version that shows as available right now is 1.4-4, and I did another update from synaptic less than 8 hours ago.

With the problems I had recently with my rpm database I wondered if this was normal or if there was another issue with rpm?

Edit: forgot to paste my sources.list
This is what it looks like:
# Freshrpms.net apt-rpm package repository URLs
#
# http://apt.freshrpms.net/ will always have the most current version
# of this file.
#
# $Id: sources.list,v 1.5 2003/02/22 13:52:27 dude Exp $
#


# Red Hat Linux 8.0
rpm http://apt.freshrpms.net redhat/8.0/en/i386 os updates freshrpms
rpm-src http://apt.freshrpms.net redhat/8.0/en/i386 os updates freshrpms

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Sun Apr 06, 2003 8:27 am

I don't believe it would be an RPM issue, sounds like an apt issue but I've not seen that behavior here. Are there any error messages if you do the "apt-get update" at a shell prompt that maybe Synaptic isn't showing? Also, what version of apt and synaptic are you currently running?

$ rpm -qa | egrep "apt|synaptic"

Ice9
guru
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium
Contact:

Post by Ice9 » Mon Apr 07, 2003 12:31 am

apt-0.5.5cnc4.1-fr1
apt-devel-0.5.5cnc4.1-fr1
kdeutils-laptop-3.0.3-3
synaptic-0.32-fr1

No errors when I do apt-get update from a terminal :?

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Mon Apr 07, 2003 1:31 am

Weird, all my machines are working fine, both RH8 and RH9. Maybe try switching your sources.list to point to ayo.freshrpms.net instead:

Code: Select all

rpm http://ayo.freshrpms.net redhat/8.0/i386 os updates freshrpms
rpm-src http://ayo.freshrpms.net redhat/8.0/i386 os updates freshrpms

Ice9
guru
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium
Contact:

Post by Ice9 » Mon Apr 07, 2003 9:56 am

This is sooooo strange!
Before changing my sources.list I tried to update them one last time and it did update.
eog, mutt and netpbm were highlighted and I installed them.

/me is confused!!!

User avatar
Void Main
Site Admin
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Mon Apr 07, 2003 10:12 am

/me too. All I can say is that it is rare that there is a security alert that comes out that I care to fix immediately (within a few days). That's not to say I don't care about them but 99.9% of them can not be exploited on any of my machines because either I do not use or have installed the software with the vulnerabilities, or they are external exploits of software that I *do* use but only behind my firewall (not exposed beyond my internal network), etc. So for that software if it updates within a day that's fine, if it takes a week that's fine two.

Now for that other .1% that I do care about I usually fix before the apt repositories are updated and sometimes even fix before Red Hat has an update available to anyone (apply source patches directly from the project). An example of this is the two recent Sendmail vulnerabilities. I wasn't concerned about it for my home machines but I do run several external sendmail servers out on the internet. I patched them all days before Red Hat had a patch available. There were no known exploits for the vulnerability at the time I patched them but I do not take chances like that on my critical systems.

Finally, how do I know about vulnerabilites before the vendor announces it along with a patch? I'm on the CERT mailing list, something everyone should be on.

Post Reply