yo,
On Tue, Sep 30, 2014 at 11:23 AM, Morgan Blackthorne
< "> > wrote:
> I'm looking to see if there's a good way to help manage patching of
> vulnerabilities with Chef. This Shellshock one seems to be a great example
> of why Chef would be a helpful tool for the job, since it's just a package
> in need of upgrading (bash).
>
> My question is, what's the best way in Chef to say "for this distribution
> and release, ensure that this package is at least at version X" without
> potentially downgrading the package down the road? I want to set a minimum
> bar, but I don't wan't to permanently pin the version.
I like pushing sec packages into a signed internal repository. Always
roll to latest. Makes the chef code simple(r), especially for managing
multiple edges.
Some providers support pessimistic version specifications (~>). They
may be of use.
--aj
>
> Thoughts? Thanks!
>
> --
> ~*~ StormeRider ~*~
>
> "Every world needs its heroes [...] They inspire us to be better than we
> are. And they protect from the darkness that's just around the corner."
>
> (from Smallville Season 6x1: "Zod")
>
> On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS
Archive powered by MHonArc 2.6.16.