Security Patches
by TVining from LinuxQuestions.org on (#6PD3B)
I have a few hundred Debian 11 machines deployed that are a highly customized Debian load.
Customer scans for known vulnerabilities, and currently, I tell the vendor, they develop a new build, I deploy the build (through software) at each customer site (about 60 sites), and by the time I get them all updated, the next round of scans comes out and well....
Is there a way that "I" can build a package that only updates the vulnerabilities?
We can't do a full apt-update/apt-upgrade due to all the other customized features. But can I build a package I load to a central server with only the 4 packages in question?
Background: I can't set up a full repository and about 1/2 of the machines are not accessible from/to the internet.
Not going into much more detail.
Customer scans for known vulnerabilities, and currently, I tell the vendor, they develop a new build, I deploy the build (through software) at each customer site (about 60 sites), and by the time I get them all updated, the next round of scans comes out and well....
Is there a way that "I" can build a package that only updates the vulnerabilities?
We can't do a full apt-update/apt-upgrade due to all the other customized features. But can I build a package I load to a central server with only the 4 packages in question?
Background: I can't set up a full repository and about 1/2 of the machines are not accessible from/to the internet.
Not going into much more detail.