How to stay updated about security vulnerabilities on Gentoo
One of the most basic and probably one of the most important thing you can do to keep your system less insecure, is to simply keep it updated. But—for obvious reasons—installing every single update might not always be the most desirable for thing for some users running Gentoo Linux.
Keeping yourself updated on all the possible security vulnerabilities for your packages isn’t an easy or fun task though. Thanks to the website Gentoo Linux Security Advisories (GLSA) that’s not an issue! All the security vulnerabilities and its solutions for Gentoo Linux gets published there for easy access.
And besides visiting the website itself, there’s also 3 optional and handy ways of easily staying informed about the news there; via a handy command-line tool, via e-mail and via two news feeds.
All the information mentioned below can be found on their website here: Stay informed – Gentoo Linux.
The command-line tool
The tool glsa-check comes bundled with the package app-portage/gentoolkit and it can check if any of your installed packages is affected:
$ glsa-check -t affected
This system is not affected by any of the listed GLSAs
It can do a few other things as well. To list all the available options just run glsa-check without any arguments.
All advisories are posted to the gentoo-announce mailing list. You can subscribe by sending an emtpy e-mail to gentoo-announce+subscribe@lists.gentoo.org. A confirmation e-mail will be sent back to you and you need to reply to the message to complete the subscription.
News feeds
They also offer two news feeds that you can subscribe to:
- RSS 2.0: https://security.gentoo.org/glsa/feed.rss
- Atom 1.4.3: https://security.gentoo.org/glsa/feed.atom