Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conservative package update #10

Closed
chris-rock opened this issue May 10, 2014 · 1 comment
Closed

Conservative package update #10

chris-rock opened this issue May 10, 2014 · 1 comment
Labels
enhancement

Comments

@chris-rock
Copy link
Member

We should separate package updates from hardening. The current version updates the dependencies for apt by using and upgrades the system on RHEL

The behavior for apt and yum is slightly different and should be harmonized. I propose, we do not a yum update because this would lead to package upgrades in production environments that we may not want.

  • make package upgrades optional
  • stick to a specific version of apt to ensure the same behavior
  • always update dependencies e.g. apt-get update
  • a default rerun should not update packages
@chris-rock
Copy link
Member Author

Fixed by #12
We do not fix the package versions in metadata until we get to know a specific issue.

rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this issue Sep 16, 2016
@arlimus
Merge pull request dev-sec#10 from ehaselwanter/master
ae27f61 
fix foodcritic violations
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chris-rock