Dave Burns wrote:
There are some people who would like to both keep track of what files have changed on their systems (with tripwire or aide, etc.) and install security (and only security) updates. Doing a general yum update makes this practically infeasible, since several hundred files that tripwire tracks will likely change with every update.
I'm not sure that makes much sense with a bleeding-edge distro like fedora where the bugfix updates are often essential for operation.
Perhaps there is an opportunity for a new tool here, one that integrates yum and tripwire so that a yum update would not cause tripwire to generate 500 alerts. Or maybe people who care about tracking this stuff should just update stuff with security implications.
Yes, something that ran rpm to verify the files tripwire identifies as changed before complaining about them might work.
-- Les Mikesell lesmikesell@xxxxxxxxx
