3

What's the simplest way of getting notified of security updates for packages I have installed on my Debian system?

danorton
  • 735
  • 1
  • 8
  • 26
David Wolever
  • 2,267
  • 3
  • 24
  • 27

2 Answers2

8

I like setting up apticron. It willnotify by email and download, not install, the packages.

Zoredache
  • 130,897
  • 41
  • 276
  • 420
2

There are many ways and packages to do this, but I think the simplest way is this cron job:

0 */8 * * *     apt-get -qq update && apt-get -dqq dist-upgrade && apt-get -qq --simulate dist-upgrade | grep ^Inst

This sends a mail to root whenever there is a package to be upgraded, which in a stable release means mostly security updates. As a general matter, you should of course redirect the root mail to somewhere you can read it.

I have been using this for some years in a personal environment, and it works great.

Peter Eisentraut
  • 3,665
  • 1
  • 24
  • 21
  • Every 8 hours? Isn't that a big excessive? – Zoredache Jan 24 '11 at 21:15
  • Zoredache: Excessive how? Security updates can happen any time, and even the regular mirror pushes are 4 times a day. So 8 hours are indeed excessively seldom. ;-) In fact, on newer installations I run similar probes hourly. – Peter Eisentraut Jan 24 '11 at 21:22
  • Excessive in that re-downloading the package databases that frequently would take a significant amount of bandwidth on repo servers, if you where pointing at the official repositories. If you are not using a local apt proxy, then doing that on lots of machines seems somewhat abusive to me. I find it somewhat difficult to believe that you are actually installing updates every 1 or 8 hours. If you want immediate notification of an update wouldn't it be better to subscribe to the security RSS & maillist? – Zoredache Jan 24 '11 at 23:14
  • apt-get does not re-download the entire package database. See pdiff files. If nothing changes, you end up downloading a few bytes. And yes, I do use local mirrors/proxies when appropriate. And yes, I do pull updates several times a day. The background of that is more complex, however, and might be the subject of another question. – Peter Eisentraut Jan 24 '11 at 23:30