On Thu, Nov 7, 2024 at 5:18 PM Lichtinger, Bernhard < Bernhard.Lichtinger@lrz.de> wrote:
Hi,
I am looking for some advice: If we use the virtualenv install method, how does one keep track of security updates for all the installed dependencies?
I can think of: published. This might be impossible to achieve.
- Upgrade regularly all installed packages inside the virtualenv. This might break mailman3 if there are incompatible updates.
- Try to track all dependencies and check if there are security updates
- Security updates are so rare, we do not need to bother. ;)
I am no security expert, but what I know is that the MM3 installation pulls all the compatible packages during installation. Updating some may lead to incompatibilities/breakage. MM3 modules during updates will also pull in the correct versions of the packages. After that, we sit back and run :-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]