[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Classified Updates2

On Tue, Apr 07, 2009 at 02:48:28PM -0500, Seann Clark wrote:
> Levesque, Michael wrote:
>> I just put a fresh install of Fedora 10 on a classified machine on a  
>> closed network. Is there a way that I can bring updates into the area  
>> since I can’t use yum?
> Best way to do it is get a list of packages to be updated (run yum on an  
> unclassified machine and get the package list) and download the RPM's for 
> those, either manually or using YUM. Then burn them to CD or DVD
> Next time you should do a fresh install on an Unclass system, get it  
> updated, get it moved into your Secure location, and maintain it from  
> there. I recommend using a more stable life cycle distro than Fedora so  
> you don't have to use as many discs to keep it up to date. This way it is 
> complaint with your IA group and easier to maintain.
> Military jargon is no different than financial jargon or computer jargon. 
> If you don't understand it, there shouldn't be a need to persecute those 
> who do. It isn't a conducive way to facilitate a community, and I take it 
> that is what this list is supposed to be, since the list is labeled as: 
> "Community assistance, encouragement, and advice for using Fedora".

Coming from a background where this jargon appeared frequently, I
understood what the OP meant perfectly.  Note that one person doesn't
necessarily speak for the whole community, so a negative reaction from
a single person shouldn't be taken as coming from all of us.

By the way, I pretty much agree with your answer here.  I had a
similar setup, and what I did there -- with approval, because
compliance with security policy is first and foremost in that kind of
environment -- was to simply mirror updates onto a storage medium, do
the necessary compliance procedures on that medium, and then use it to
transfer the updates to an internal mirror not on the external
network.  Machines on the network with the internal mirror used a DNS
that redirected calls to mirrors.fedoraproject.org, and I provided a
mirrorlist script that gave out the appropriate IP address and
directories for the update server.

Paul W. Frields                                http://paul.frields.org/
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
  http://redhat.com/   -  -  -  -   http://pfrields.fedorapeople.org/
  irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug

Attachment: pgpn2yVhX58KE.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]