Re: (finished)Re: how to prevent security update installation during stretch installation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 08/04/2018 07:39 PM, David Christensen wrote: > I do keep optical drives in the older machines because their BIOS can be > incompatible with bootable USB flash drives. these machines need to be trashed, they are generaly not so efficient regarding their power consumption. but you can try network booting. or in last way, you can move hard-disk in anothern machine more recent, and install on it. -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEMXISaGZmF7NpMTZj6OuMS89alfsFAltmHc8ACgkQ6OuMS89a lftaLxAAqjfLJUdExnFmXsaHx1UWfp2gT7Y4NlGsdkncgpBzpdBilEno6STvfJx3 Y7PnPBq1K/T8xlZG4I9IiAi2cNVV+qP1J6yrfUvH4g4tIzD2uvVnhJ6EAtUmHTqb TgusmI/2lg9eC5Q9I8YW3OhuJZUq20hesAwDmEg0n0myXIhSigeRlG5M9bzZc+nC 95Da3AyVYTRf9OlcpAdSim0w4Jnh6YCEan06y7eLutalmRP/+6UxNuggSDQKoitZ RV3c/K6lMyYfdT+Y8yF+daJf3NpNvB7r7kDoAICkRXR1EcgoAFSZ0YFMuBaNy774 VpukS/9a0YShM0zdQE64Z4RoNVIMSOVTI9vVCgnUNh1y7Ih3yXSv0WVpPMzDYoAX k26ynCAD1DlPTgkoxyO+OpXMy6p/TlttUN+Ni9j1Zx8A7vU8RVFDFDTZ3RkDZe4d YRUda6v/wyjom2zOuChps+FGT7vPbAjRcM9cOCiqFOyJa2+IPWvJ2G+eovruc0bQ IdUX393xH65BrS0Hk8/rS27U5FG6oICFQD4pfOT+83VbYcAxxAzsi2A4DQcvI9Lc VAojbHoaK8q3g9RjghynBO17bDbnTemlaYXAD8NVFDfW1sV7SelpnTN5Gw9aUKe6 9y4811M5JdLo1oqVUqNB1pVggd2vhppK358n8GKQzyQ+hbhE2Xs= =mSyQ -END PGP SIGNATURE-
Re: (finished)Re: how to prevent security update installation during stretch installation
On 08/02/2018 01:05 AM, Long Wind wrote: to David Christensen: your solutions is complex, I assume you are referring to "configure your Internet gateway to block traffic between the host and the Internet". Learning about Internet gateways in general, and about your gateway in particular, is an important system administration skill. Effort invested here will pay many rewards going forward. and my cdrom is bad. if it's good, i can install by cdrom, with network disconnected. buy a new cdrom? cdrom is cheap, but IMHO internet has replaced cdrom, cdrom isn't useful except installing software. I tend to use USB flash drives, as many newer computers no longer include optical drives. But, I do keep optical drives in the older machines because their BIOS can be incompatible with bootable USB flash drives. to all: it seems that there's no easy answer to my question i may have to put up with security update It is best to keep your systems up-to-date with respect to security patches. hopefully this time debian 9.5 will not cause trouble (debian 9.4 with security update has problem) i'm not interested in spending any more energy on such trivial issue. Thanks to all who reply! Okay. David
Re: how to prevent security update installation during stretch installation
On 08/01/2018 01:00 AM, Long Wind wrote: i don't like security update because i suspect it cause problem (some packaged can't be installed) during stretch installation last time I suggest that you obtain the debian-9.5.0-amd64-xfce-CD-1.iso image (via jigdo), burn it to CD/USB, configure your Internet gateway to block the target host from connecting to the Internet, and install from local media only (e.g. do not select an package mirror during installation): https://www.debian.org/CD/jigdo-cd/ If it works, you're done. If it doesn't, start working backwards through the releases -- e.g. 9.4.0, 9.3.0, 9.2.0, etc.: https://cdimage.debian.org/cdimage/archive/ David
Re: how to prevent security update installation during stretch installation
On 8/1/18 1:00 AM, Long Wind wrote: > i don't like security update because i suspect it cause problem (some > packaged can't be installed) during stretch installation last time > > and i've used linux for a long time and i think it's stable even without > security update. and installing update always takes time and space, and > it offer little value I would beg to differ on the "little value" aspect. If you are still running Debian 9.0 (and not the latest version, 9.5) you are vulnerable to Meltdown, Spectre, various web browser exploits, and a whole host of other issues that are documented here: https://lists.debian.org/debian-security-announce/2017/threads.html https://lists.debian.org/debian-security-announce/2018/threads.html If you suspect a specific package has a problem due to a security update, I would file a bug against that package. But to blindly disregard security updates is irresponsible and dangerous.
Re: how to prevent security update installation during stretch installation
David Christensen wrote: > Why not? I guess because he's in China and internet costs relatively much there.
Re: how to prevent security update installation during stretch installation
On Tue, Jul 31, 2018 at 06:05:04PM -0700, David Christensen wrote: > On 07/31/2018 05:42 PM, Roberto C. Sánchez wrote: > > On Tue, Jul 31, 2018 at 05:36:41PM -0700, David Christensen wrote: > > > > > > One possibility is to configure your Internet gateway to block traffic > > > between the host and the Internet, and then install from CD-1, DVD-*, > > > BD-*, > > > etc., media. > > > > > An easier approach would be that when the installer asks "Would you like > > to use a network mirror?" you just answer "no." The installer will then > > only use the packages available on the install media you supply. > > The first half of my suggestion implies your suggestion. > > > The original post implies use of netinst media, which does not contain > enough packages to install a working Debian system (?). Thus, the second > half of my suggestion. > I should have read the entire thread before responding. Thanks for pointing out my oversight. You are correct that a netinst media does not have enough on it for a complete installation. However, that is sort of the point of the netinst media. Of course, another aspect of the way updates work in Debian is that when a point update is made all the security updates (and generally quite a few high priority non-security updates) become part of the stable release with an increased version number. For example in the last few weeks, Debian "Stretch" went from version 9.4 to 9.5. That sort of makes the "I want to install but I don't want security updates" not make any sense. Unless you get the install media for the first release of a new Stable before any point releases are made, you will end up with some security updates as part of your installation. Even then, the new stable release definitely also has security updates that are left over from the prior stable release (not all packages are refreshed from one release to the next). Regards, -Roberto -- Roberto C. Sánchez
Re: how to prevent security update installation during stretch installation
On 07/31/2018 05:42 PM, Roberto C. Sánchez wrote: On Tue, Jul 31, 2018 at 05:36:41PM -0700, David Christensen wrote: One possibility is to configure your Internet gateway to block traffic between the host and the Internet, and then install from CD-1, DVD-*, BD-*, etc., media. An easier approach would be that when the installer asks "Would you like to use a network mirror?" you just answer "no." The installer will then only use the packages available on the install media you supply. The first half of my suggestion implies your suggestion. The original post implies use of netinst media, which does not contain enough packages to install a working Debian system (?). Thus, the second half of my suggestion. David
Re: how to prevent security update installation during stretch installation
On Tue, Jul 31, 2018 at 05:36:41PM -0700, David Christensen wrote: > > One possibility is to configure your Internet gateway to block traffic > between the host and the Internet, and then install from CD-1, DVD-*, BD-*, > etc., media. > An easier approach would be that when the installer asks "Would you like to use a network mirror?" you just answer "no." The installer will then only use the packages available on the install media you supply. Regards, -Roberto -- Roberto C. Sánchez
Re: how to prevent security update installation during stretch installation
On 07/31/2018 02:56 PM, Long Wind wrote: i plan to install debian by network Okay. i don't like security update, Why not? how to do it? Thanks! One possibility is to configure your Internet gateway to block traffic between the host and the Internet, and then install from CD-1, DVD-*, BD-*, etc., media. David