I'm the type of admin that gets into a tool and, as long as it keeps doing what I use it for, I don't often bother to learn much more about it. Yum is a good example of this. Since dep-hell is something I haven't seen in years, yum just sort of keeps on updating my packages, installing new ones, etc. Other apps like PackageKit (a GUI updater) have come along, but I've largely ignored them.
Recently, however, I discovered yum plugins and some of them are very helpful. yum-security is available in Red Hat Enterprise Linux and Fedora and can be installed by running:
yum install yum-security
If you're new to a yum plugin, running "yum" will give you a list of all commands that yum can run, including those provided by plugins. The yum-security plugin can be used by running:
This will grab a list of potential updates and print a bit more information about them than you would see with just "check-update".
On one of my Fedora 8 boxes, here is a list of some of the updates available:
FEDORA-2008-8377 bugfix postgresql-libs-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix postgresql-plpython-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix postgresql-python-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix postgresql-server-8.2.10-1.fc8.i386
FEDORA-2008-7485 enhancement python-exif-1.0.8-1.fc8.noarch
FEDORA-2008-7586 enhancement python-formencode-1.0.1-2.fc8.noarch
FEDORA-2008-8364 security rkhunter-1.3.2-5.fc8.noarch
FEDORA-2008-8179 bugfix samba-client-3.0.32-0.fc8.i386
FEDORA-2008-8179 bugfix samba-common-3.0.32-0.fc8.i386
FEDORA-2008-8378 bugfix selinux-policy-3.0.8-117.fc8.noarch
FEDORA-2008-8378 bugfix selinux-policy-devel-3.0.8-117.fc8.noarch
The first field, FEDORA-XXXX-XXXX, is the update ID and is distribution specific. The second field is the update type (bugfix, enhancement or security) and the third is the package. Fedora has an updates system called Bodhi that developers and contributors use to issue package updates. In this example, more information about rkhunter's security update can be found at: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-8364. The update system lists information about what the fix addressed, such as a Bugzilla entry, a CVE, or even just a comment by the packager. Users can also comment on the package and update at this location.
Alternatively one can get much of this information from yum-security itself with the "yum info-security" command:
$ yum info-security FEDORA-2008-8364
Loaded plugins: security
Update ID : FEDORA-2008-8364
Release : Fedora 8
Type : security
Status : stable
Issued : 2008-09-24 12:42:39
Bugs : 460628 - None
Files : rkhunter-1.3.2-5.fc8.noarch.rpm
This is very useful in environments that have an update schedule different from that of their distribution. By this I mean environments where admins don't blindly run yum update regularly or automatically. If an update fails in a testing environment, it is likely to cause the same problem in production. yum-security allows admins to quickly gather information about the updates so they can then make the right decision as to whether or not to update. After all, if an update that breaks your environment only fixes a few minor bugs you weren't seeing, there's probably no reason to apply it and you can take your time in finding the problem. If an update breaks your system and is a security update, then it's probably worth the time to take a closer look.
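The triage described above can be scripted against a saved copy of the listing. This is an added example, not part of the original post: the function names are hypothetical, and the sample input is a subset of the listing shown earlier, embedded so the script runs offline.

```shell
#!/bin/sh
# Triage an update listing in the three-column format shown above:
#   <update-id> <type> <package>
# Sample input: a subset of the listing from this post, plus the plugin banner.
sample_updates() {
cat <<'EOF'
Loaded plugins: security
FEDORA-2008-8377 bugfix postgresql-libs-8.2.10-1.fc8.i386
FEDORA-2008-8377 bugfix postgresql-server-8.2.10-1.fc8.i386
FEDORA-2008-7485 enhancement python-exif-1.0.8-1.fc8.noarch
FEDORA-2008-8364 security rkhunter-1.3.2-5.fc8.noarch
FEDORA-2008-8179 bugfix samba-client-3.0.32-0.fc8.i386
FEDORA-2008-8378 bugfix selinux-policy-3.0.8-117.fc8.noarch
EOF
}

# Print "<type> <advisory-count> <package-count>" per update type, sorted.
# Lines that are not three fields with a known type (banners, blank
# lines) are ignored, so the banner above is not miscounted.
summarize_updates() {
    awk 'NF == 3 && $2 ~ /^(security|bugfix|enhancement)$/ {
             pkgs[$2]++
             if (!(($2, $1) in seen)) { seen[$2, $1] = 1; ids[$2]++ }
         }
         END { for (t in pkgs) print t, ids[t], pkgs[t] }' | sort
}

# Print "<update-id> <package>" for security updates only.
security_updates() {
    awk 'NF == 3 && $2 == "security" { print $1, $3 }'
}

# Exit 0 if the listing on stdin contains any security update, e.g.
#   needs_security_review < saved-listing.txt && echo "review first"
needs_security_review() {
    [ -n "$(security_updates)" ]
}

# Run with --demo to see both reports for the embedded sample.
if [ "${1:-}" = "--demo" ]; then
    sample_updates | summarize_updates
    sample_updates | security_updates
fi
```

Each update ID printed by security_updates can then be looked up with "yum info-security" as shown earlier.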
What I'm saying here is that not only can yum-security provide easy access to update information, but it can also fit nicely into your update workflow. Give it a try. If it works well for you, take a look at some of the other yum plugins like yum-allowdowngrade, yum-merge-conf, or yum-priorities.