- From: AJ Christensen
- Subject: [chef] Re: Shellshock patching with Chef
- Date: Tue, 30 Sep 2014 11:26:41 +1300
yo,
On Tue, Sep 30, 2014 at 11:23 AM, Morgan Blackthorne wrote:
> I'm looking to see if there's a good way to help manage patching of
> vulnerabilities with Chef. This Shellshock one seems to be a great example
> of why Chef would be a helpful tool for the job, since it's just a package
> in need of upgrading (bash).
>
> My question is, what's the best way in Chef to say "for this distribution
> and release, ensure that this package is at least at version X" without
> potentially downgrading the package down the road? I want to set a minimum
> bar, but I don't want to permanently pin the version.
I like pushing sec packages into a signed internal repository. Always
roll to latest. Makes the chef code simple(r), especially for managing
multiple edges.
Some providers support pessimistic version specifications (~>). They
may be of use.
--aj
>
> Thoughts? Thanks!
>
> --
> ~*~ StormeRider ~*~
>
> "Every world needs its heroes [...] They inspire us to be better than we
> are. And they protect from the darkness that's just around the corner."
>
> (from Smallville Season 6x1: "Zod")
>
> On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS
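
The "minimum bar without downgrading" from the question and the pessimistic (`~>`) constraint from the reply, worked through in plain Ruby as an added example that is not part of the original thread or of Chef itself. The `MINIMUMS` table, its version numbers and the function names are constructed for illustration, and the comparison uses RubyGems ordering, which is not the same as dpkg or rpm ordering for real distro version strings.

```ruby
require 'rubygems'

# Constructed floor table keyed by [platform, release].
# The versions are placeholders, not real advisory versions.
MINIMUMS = {
  ['ubuntu', '14.04'] => '4.3.30',
  ['centos', '6']     => '4.1.15'
}.freeze

# Decide what to do with one node's bash package.
# The floor is expressed as ">= X", so a node that is already newer
# than the floor is left alone and is never downgraded.
def plan(platform, release, installed)
  floor = MINIMUMS[[platform, release]]
  return :unmanaged if floor.nil?   # no policy for this platform/release
  return :install if installed.nil? # package missing entirely

  have = Gem::Version.new(installed)
  Gem::Requirement.new(">= #{floor}").satisfied_by?(have) ? :nothing : :upgrade
end

# Pessimistic constraint: "~> 4.3.30" means ">= 4.3.30 and < 4.4".
# Unlike a bare floor it also sets a ceiling, so a later minor release
# falls outside the constraint.
def pessimistic_ok?(base, installed)
  Gem::Requirement.new("~> #{base}").satisfied_by?(Gem::Version.new(installed))
end

# Constructed inventory: node name => [platform, release, installed version]
INVENTORY = {
  'web1' => ['ubuntu', '14.04', '4.3.25'],
  'web2' => ['ubuntu', '14.04', '4.4.1'],
  'db1'  => ['centos', '6', '4.1.15'],
  'old1' => ['debian', '7', '4.2.37']
}.freeze

# Map every node to the action the floor policy calls for.
def fleet_plan(inventory = INVENTORY)
  inventory.transform_values { |platform, release, ver| plan(platform, release, ver) }
end

fleet_plan.each { |node, action| puts "#{node}: #{action}" } if __FILE__ == $PROGRAM_NAME
```

For real package versions with epochs or distro revisions, the comparison has to come from the package manager rather than from `Gem::Version`.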