Re: sources.list 4 bullseye-security

2021-07-04 Thread Salvatore Bonaccorso 
Hi Paul,

On Sun, Jul 04, 2021 at 05:27:56AM +, Paul Wise wrote:
> On Sat, Jul 3, 2021 at 9:31 PM Salvatore Bonaccorso wrote:
> 
> > I have pushed
> > https://salsa.debian.org/webmaster-team/webwml/-/commit/4ca2253325130f7e96bf2644d31cf5a95fdf7bcc
> 
> Note that updating translations at the same time as the English page
> causes more work for the translation teams, who have to bump the
> translation check header. If you first commit the English change and
> then commit the translation changes, you can use ./smart_change.pl
> (see --help for instructions) to bump the translation check headers in
> the second commit.

Okay thanks for pointing that out, was surely not the intention to
cause more work.

> > Once bullseye will be released the example sources.list entry in
> > https://www.debian.org/security/#keeping-secure will need to be
> > adapted as well to match bullseye's sources.list entry for the
> > security archive.
> 
> I've made a commit that means this will be automatically updated at
> release time:
> 
> https://salsa.debian.org/webmaster-team/webwml/-/commit/06a365347b5545c26d162ef4887514d171f5dcd0

Thanks!

Regards,
Salvatore

Re: sources.list 4 bullseye-security

2021-07-03 Thread Paul Wise 
On Sat, Jul 3, 2021 at 9:31 PM Salvatore Bonaccorso wrote:

> I have pushed
> https://salsa.debian.org/webmaster-team/webwml/-/commit/4ca2253325130f7e96bf2644d31cf5a95fdf7bcc

Note that updating translations at the same time as the English page
causes more work for the translation teams, who have to bump the
translation check header. If you first commit the English change and
then commit the translation changes, you can use ./smart_change.pl
(see --help for instructions) to bump the translation check headers in
the second commit.

> Once bullseye will be released the example sources.list entry in
> https://www.debian.org/security/#keeping-secure will need to be
> adapted as well to match bullseye's sources.list entry for the
> security archive.

I've made a commit that means this will be automatically updated at
release time:

https://salsa.debian.org/webmaster-team/webwml/-/commit/06a365347b5545c26d162ef4887514d171f5dcd0

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: sources.list 4 bullseye-security

2021-07-03 Thread Salvatore Bonaccorso 
Hi,

On Sun, Jun 27, 2021 at 04:52:26PM -0400, Boyuan Yang wrote:
> Hi,
> 
> (This email originally appears on
> https://lists.debian.org/debian-www/2021/05/msg00017.html )
> 
> 在 2021-05-15星期六的 12:47 +0200,Harald Dunkel写道:
> > Hi folks,
> > 
> > Obviously
> > 
> > https://wiki.debian.org/NewInBullseye
> > and
> > https://www.debian.org/releases/bullseye/errata
> > 
> > disagree about the bullseye-security entry in sources.list. Not to
> > mention that the deb-src line is missing on both.
> 
> TL;DR: Both will work:
> 
> deb http://security.debian.org/debian-security bullseye-security main
> deb http://security.debian.org/ bullseye-security main
> 
> Besides, I believe end users are not supposed to know deb-src line for
> security repos. Adding such info provides zero benefit except for confusing
> users.
> 
> > I would highly appreciate a web page listing a full sources.list
> > file for bullseye,
> 
> I am forwarding your email to the security team in case they want a unified
> format on Debian webpages (www.debian.org and wiki.debian.org). Please contact
> the Debian WWW Team if a change is needed.

Please use the form which is used in the release-notes:

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive

I have pushed
https://salsa.debian.org/webmaster-team/webwml/-/commit/4ca2253325130f7e96bf2644d31cf5a95fdf7bcc
.

Once bullseye will be released the example sources.list entry in
https://www.debian.org/security/#keeping-secure will need to be
adapted as well to match bullseye's sources.list entry for the
security archive.

Regards,
Salvatore

Re: sources.list 4 bullseye-security

2021-06-28 Thread Holger Levsen 
On Sun, Jun 27, 2021 at 04:52:26PM -0400, Boyuan Yang wrote:
> Besides, I believe end users are not supposed to know deb-src line for
> security repos.

sure, they do! and of course we provide source for our security updates!

> Adding such info provides zero benefit except for confusing
> users.

surely not all users compile software, but some certainly do. I do.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

„Faschisten hören niemals auf, Faschisten zu sein
Man diskutiert mit ihnen nicht, hat die Geschichte gezeigt“...


signature.asc
Description: PGP signature

Re: sources.list 4 bullseye-security

2021-06-27 Thread Boyuan Yang 
Hi,

(This email originally appears on
https://lists.debian.org/debian-www/2021/05/msg00017.html )

在 2021-05-15星期六的 12:47 +0200,Harald Dunkel写道:
> Hi folks,
> 
> Obviously
> 
> https://wiki.debian.org/NewInBullseye
> and
> https://www.debian.org/releases/bullseye/errata
> 
> disagree about the bullseye-security entry in sources.list. Not to
> mention that the deb-src line is missing on both.

TL;DR: Both will work:

deb http://security.debian.org/debian-security bullseye-security main
deb http://security.debian.org/ bullseye-security main

Besides, I believe end users are not supposed to know deb-src line for
security repos. Adding such info provides zero benefit except for confusing
users.

> I would highly appreciate a web page listing a full sources.list
> file for bullseye,

I am forwarding your email to the security team in case they want a unified
format on Debian webpages (www.debian.org and wiki.debian.org). Please contact
the Debian WWW Team if a change is needed.

> Regards
> Harri

Regards,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Re: What is best practice for managing sources.list for security and stability?

2009-05-26 Thread john 
Thanks Thijs, Russ and Dan.

I appreciate the insight.

John


>>
>> Is the approach I outlined the "best" way to maintain the security and
>> stability of these box's or should I really be using the main
>> repositories as well?
>
> We maintain local mirrors of the main and security repos for the
> varieties of Debian we use (Etch and Lenny in i386 and AMD64
> flavors) plus a local repo of our own packages. All this can be
> considered staging: we can pull from it for a test box, and if
> it goes well, move the package into our production repo.
>
> This costs a bit in disk space (but not so much as it once did!)
> and saves a bit in bandwidth, which is really pronounced as
> "works faster when we need it".
>
> -dsr-
>
>
>
> --
> http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
>
> You can't defend freedom by getting rid of it.
>


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: What is best practice for managing sources.list for security and stability?

2009-05-25 Thread Dan Ritter 
On Mon, May 25, 2009 at 11:49:26AM -0700, john wrote:
> Hi all,
> 
> Perhaps this is a "it depends..." kind of question but here it goes:
> 
> I manage  several Debian boxes running Etch and Lenny. I installed
> Debian because I want long term stability and support for the
> applications
> running on the servers. After I build a box and get my applications
> tweaked I usually comment out everything except the security entries
> like so:
> 
> cat /etc/apt/sources.list
> 
> #deb http://ftp.us.debian.org/debian/ etch main
> #deb-src http://ftp.us.debian.org/debian/ etch main
> 
> deb http://security.debian.org/ etch/updates main contrib
> deb-src http://security.debian.org/ etch/updates main contrib
> 
> The recent key-change forced me to use the main stable repos to get
> the new keys (e.g apt-get install debian-archive-keyring )
> .  and got me thinking...
> 
> Is the approach I outlined the "best" way to maintain the security and
> stability of these box's or should I really be using the main
> repositories as well?

We maintain local mirrors of the main and security repos for the
varieties of Debian we use (Etch and Lenny in i386 and AMD64
flavors) plus a local repo of our own packages. All this can be
considered staging: we can pull from it for a test box, and if
it goes well, move the package into our production repo.

This costs a bit in disk space (but not so much as it once did!)
and saves a bit in bandwidth, which is really pronounced as
"works faster when we need it".

-dsr-



-- 
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.

You can't defend freedom by getting rid of it.


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: What is best practice for managing sources.list for security and stability?

2009-05-25 Thread Russ Allbery 
john  writes:

> deb http://security.debian.org/ etch/updates main contrib
> deb-src http://security.debian.org/ etch/updates main contrib
>
> The recent key-change forced me to use the main stable repos to get
> the new keys (e.g apt-get install debian-archive-keyring )
> .  and got me thinking...
>
> Is the approach I outlined the "best" way to maintain the security and
> stability of these box's or should I really be using the main
> repositories as well?

We've never had any trouble using the main repositories as well.  You
get some additional more minor security bug fixes (DoS bugs, crashers,
and similar things) that way, the amount of change isn't much higher,
the stability for us has been fully as good as the security updates in
practice, and periodically there are things like the archive key change
that go into point releases that you want.

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: What is best practice for managing sources.list for security and stability?

2009-05-25 Thread Thijs Kinkhorst 
Hi John,

On moandei 25 Maaie 2009, john wrote:
> The recent key-change forced me to use the main stable repos to get
> the new keys (e.g apt-get install debian-archive-keyring )
> .  and got me thinking...
>
> Is the approach I outlined the "best" way to maintain the security and
> stability of these box's or should I really be using the main
> repositories as well?

I understand where you're coming from, but I do recommend to enable the main 
repositories aswell. There are several reasons for that.

You may miss essential changes to keep the system running, like the APT 
keyrollover you mentioned; you also miss stability improvements, and less 
pressing security bugfixes which are released in stable point updates.
Packages are only let into a stable point update after they get a lot of 
scrutiny. Only packages are accepted that fix really serious bugs, or smaller 
security issues that do not warrant a DSA. The stable release managers review 
each package before it may enter. Packages are only added in a point release 
which is announced on debian-announce, so you can review the changes before 
installing them.


cheers,
Thijs


signature.asc
Description: This is a digitally signed message part.

What is best practice for managing sources.list for security and stability?

2009-05-25 Thread john 
Hi all,

Perhaps this is a "it depends..." kind of question but here it goes:

I manage  several Debian boxes running Etch and Lenny. I installed
Debian because I want long term stability and support for the
applications
running on the servers. After I build a box and get my applications
tweaked I usually comment out everything except the security entries
like so:

cat /etc/apt/sources.list

#deb http://ftp.us.debian.org/debian/ etch main
#deb-src http://ftp.us.debian.org/debian/ etch main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

The recent key-change forced me to use the main stable repos to get
the new keys (e.g apt-get install debian-archive-keyring )
.  and got me thinking...

Is the approach I outlined the "best" way to maintain the security and
stability of these box's or should I really be using the main
repositories as well?

Thanks!

John


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: apt sources.list: inconsistency between sarge and stable

2005-08-30 Thread kurt kuene 
nope, there is no difference now, after the update. if it
 was before i can not tell anymore because i have updated all my hosts...



On Tue, 30 Aug 2005 15:46:37 +0100
Sam Morris <[EMAIL PROTECTED]> wrote:

> Is there a difference in the output of "apt-cache policy php4" when you 
> have a 'sarge' and a 'stable' line?
> 
> -- 
> Sam Morris
> http://robots.org.uk/
> 
> PGP key id 5EA01078
> 3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list: inconsistency between sarge and stable

2005-08-30 Thread Sam Morris 
Is there a difference in the output of "apt-cache policy php4" when you 
have a 'sarge' and a 'stable' line?


--
Sam Morris
http://robots.org.uk/

PGP key id 5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

apt sources.list: inconsistency between sarge and stable

2005-08-30 Thread kurt kuene 
hi

i run sarge.
there were the php4 (and more) security updates recently.

#---
my /etc/apt/sources.list contains this line:
deb http://security.debian.org/ sarge/updates main contrib non-free
--
now when i make:
apt-get update
apt-get upgrade
it will make the courier upgrade but not the php4 php4-mysql etc. upgrades.

#---
if i change the line in my /etc/apt/sources.list to:
deb http://security.debian.org/ stable/updates main contrib non-free
--
it will make all upgrades!

why is this inconsistency?
i think this is rather dangerous. i noticed it only by chance!
otherwise i would not have all updates!

so what is the difference in the apt sources.list between "sarge" and "stable"?

regards
kuene


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-23 Thread Olaf Meeuwissen 
Wichert Akkerman <[EMAIL PROTECTED]> writes:

> Previously Olaf Meeuwissen wrote:
> > For a truly stable Debian system, drop 
  
> >   deb http://http.us.debian.org/debian dists/potato-proposed-updates/
> 
> I wouldn't recommend that, on occasion a package makes it into
> proposed-updates that really should not be installed on a potato reason
> for some reason.

Uhm, I suggested to *drop* that line from one's sources.list.  Surely,
you would recommend that if packages in proposed-updates really should
not be installed on a potato machine, wouldn't you?
-- 
Olaf MeeuwissenEPSON KOWA Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-21 Thread vdongen 
-Original Message-
From: Wichert Akkerman <[EMAIL PROTECTED]>
Date: Fri, 21 Jun 2002 16:05:10 +0200
Subject: Re: sources.list for potato

> Previously Pavel Minev Penev wrote:
> > And there is no
> > 
> > deb http://non-us.debian.org/debian-security unstable/updates 
main
> contrib non-free
> > 
> > , is it?
> 
> No, and there never will be.
There is a very simple and understandable reason, the unstable archive 
is updated/fixed on the fly. So patches and security bugs are fixed 
while doing other upgrades. There is absolutely no need for a security 
line in sources.list

Greetings,

Ivo van Dongen
ISW Systeembeheer



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-21 Thread Wichert Akkerman 
Previously Pavel Minev Penev wrote:
> And there is no
> 
>   deb http://non-us.debian.org/debian-security unstable/updates main 
> contrib non-free
> 
> , is it?

No, and there never will be.

Wichert.

-- 
  _
 /[EMAIL PROTECTED] This space intentionally left occupied \
| [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-21 Thread Pavel Minev Penev 
On Fri, Jun 21, 2002 at 08:22:32AM +0900, Olaf Meeuwissen wrote:
> Mike Dresser <[EMAIL PROTECTED]> writes:
> 
> > Hate to beat a dead horse, but
> > 
> > 
> > deb http://http.us.debian.org/debian potato main contrib non-free
> > deb http://http.us.debian.org/debian dists/potato-proposed-updates/
> > 
> > deb http://non-us.debian.org/debian-non-US potato/non-US main contrib
> > non-free
> > deb http://non-us.debian.org/debian-security potato/updates main contrib
> > non-free
> > 
> > deb http://security.debian.org/debian-security potato/updates main contrib
> > non-free
> > 
> > 
> > is all I need on my sources.list for potato, right?
> > 
> > And when I move to woody someday, just s/potato/woody/, correct?
> 
> For a truly stable Debian system, drop 
> 
>   deb http://http.us.debian.org/debian dists/potato-proposed-updates/
> 
> (wait for official release updates) and then just s/potato/stable/g.
> Note that non-US is being phased out.

And there is no

deb http://non-us.debian.org/debian-security unstable/updates main 
contrib non-free

, is it?

-- 
Pav


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-21 Thread Jamie Heilman 
Wichert Akkerman wrote:

> Previously Olaf Meeuwissen wrote:
> > For a truly stable Debian system, drop 
> >   deb http://http.us.debian.org/debian dists/potato-proposed-updates/
> 
> I wouldn't recommend that, on occasion a package makes it into
> proposed-updates that really should not be installed on a potato reason
> for some reason.

Yeah, I second that.  If you're going to poke around in
prosposed-updates you should do it on a machine that isn't in
production, sometimes things like bug #121305 happen.  Speaking of
which, Wichert, as OpenLDAP is your baby now, you wanna close that old
bug out?  Ben never did and its pretty much moot now as that bad
package never made it into primetime.

-- 
Jamie Heilman   http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 one direction, and time is its only measure."  -Rosencrantz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-21 Thread Wichert Akkerman 
Previously Olaf Meeuwissen wrote:
> For a truly stable Debian system, drop 
> 
>   deb http://http.us.debian.org/debian dists/potato-proposed-updates/

I wouldn't recommend that, on occasion a package makes it into
proposed-updates that really should not be installed on a potato reason
for some reason.

Wichert.

-- 
  _
 /[EMAIL PROTECTED] This space intentionally left occupied \
| [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-20 Thread Olaf Meeuwissen 
Mike Dresser <[EMAIL PROTECTED]> writes:

> > For a truly stable Debian system, drop
> >
> >   deb http://http.us.debian.org/debian dists/potato-proposed-updates/
> >
> > (wait for official release updates) and then just s/potato/stable/g.
> > Note that non-US is being phased out.
> 
> I've seen way too many packages that take too long to get into stable when
> there's security holes.

That's why you have 

  deb http://security.debian.org/ stable/updates main

at the top of your /etc/apt/sources.list, not?
-- 
Olaf MeeuwissenEPSON KOWA Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-20 Thread Olaf Meeuwissen 
Geoff Crompton <[EMAIL PROTECTED]> writes:

> > Oops!  I confused the "crypto in main" issue with non-US being phased
> > out.  Of course, the patented bits will stay in non-US so it will not
> > disappear in the foreseeable future.
> 
>   What is the 'cypto in main' issue? (Or better, have you got a URL
> on it?)  I searched the devel mailing archive for 'crypto AND in AND
> main' to no avail.

Try again for the debian-legal mailing archive and at

  http://www.debian.org/legal/cryptoinmain

HTH,
-- 
Olaf MeeuwissenEPSON KOWA Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-20 Thread Geoff Crompton 
On Fri, 21 Jun 2002 00:36, Olaf Meeuwissen wrote:
> Geoff Crompton <[EMAIL PROTECTED]> writes:
> > On Thu, 20 Jun 2002 23:22, Olaf Meeuwissen wrote:
> > > (wait for official release updates) and then just s/potato/stable/g.
> > > Note that non-US is being phased out.
> >
> >   Can you point me to the mail-archive thread that discusses this?(I
> > haven't been following debian lists for very long).
>
> Oops!  I confused the "crypto in main" issue with non-US being phased
> out.  Of course, the patented bits will stay in non-US so it will not
> disappear in the foreseeable future.

  What is the 'cypto in main' issue? (Or better, have you got a URL on it?)
I searched the devel mailing archive for 'crypto AND in AND main' to no
avail.

  Cheers
  Geoff Crompton


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-20 Thread Olaf Meeuwissen 
Geoff Crompton <[EMAIL PROTECTED]> writes:

> On Thu, 20 Jun 2002 23:22, Olaf Meeuwissen wrote:
> > (wait for official release updates) and then just s/potato/stable/g.
> > Note that non-US is being phased out.
> 
>   Can you point me to the mail-archive thread that discusses this?(I haven't 
> been following debian lists for very long).

Oops!  I confused the "crypto in main" issue with non-US being phased
out.  Of course, the patented bits will stay in non-US so it will not
disappear in the foreseeable future.
-- 
Olaf MeeuwissenEPSON KOWA Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-20 Thread Mike Dresser 
> For a truly stable Debian system, drop
>
>   deb http://http.us.debian.org/debian dists/potato-proposed-updates/
>
> (wait for official release updates) and then just s/potato/stable/g.
> Note that non-US is being phased out.

I've seen way too many packages that take too long to get into stable when
there's security holes.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-20 Thread Geoff Crompton 
On Thu, 20 Jun 2002 23:22, Olaf Meeuwissen wrote:
> (wait for official release updates) and then just s/potato/stable/g.
> Note that non-US is being phased out.

  Can you point me to the mail-archive thread that discusses this?(I haven't 
been following debian lists for very long).

  Cheers
  Geoff Crompton


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list for potato

2002-06-20 Thread Olaf Meeuwissen 
Mike Dresser <[EMAIL PROTECTED]> writes:

> Hate to beat a dead horse, but
> 
> 
> deb http://http.us.debian.org/debian potato main contrib non-free
> deb http://http.us.debian.org/debian dists/potato-proposed-updates/
> 
> deb http://non-us.debian.org/debian-non-US potato/non-US main contrib
> non-free
> deb http://non-us.debian.org/debian-security potato/updates main contrib
> non-free
> 
> deb http://security.debian.org/debian-security potato/updates main contrib
> non-free
> 
> 
> is all I need on my sources.list for potato, right?
> 
> And when I move to woody someday, just s/potato/woody/, correct?

For a truly stable Debian system, drop 

  deb http://http.us.debian.org/debian dists/potato-proposed-updates/

(wait for official release updates) and then just s/potato/stable/g.
Note that non-US is being phased out.
-- 
Olaf MeeuwissenEPSON KOWA Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

sources.list for potato

2002-06-20 Thread Mike Dresser 
Hate to beat a dead horse, but


deb http://http.us.debian.org/debian potato main contrib non-free
deb http://http.us.debian.org/debian dists/potato-proposed-updates/

deb http://non-us.debian.org/debian-non-US potato/non-US main contrib
non-free
deb http://non-us.debian.org/debian-security potato/updates main contrib
non-free

deb http://security.debian.org/debian-security potato/updates main contrib
non-free


is all I need on my sources.list for potato, right?

And when I move to woody someday, just s/potato/woody/, correct?

Mike


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Two questions about /etc/apt/sources.list

2001-10-23 Thread Steven Barker 
On Tue, Oct 23, 2001 at 04:51:13PM +0800, Zhenguang Mo (163) wrote:
> thanks for your help.
> basicaly, the following three line is good enough to keep my potato debian
> up to date?
> 
> deb http://http.us.debian.org/debian stable main contrib non-free
> (#for standard us debian)
> deb http://non-us.debian.org/debian-non-US stable/non-US main contrib
> non-free  (#for non-us debian)
> deb http://security.debian.org stable/updates main contrib non-free (# for
> security update)

Yes, these three lines are good.

> the last line is for BOTH standard us debian update AND non-us debian
> update, right?

Yes, stable/updates does include non-us packages (like ssh) so you should
be kept up on all security updates.

-- 
Steven Barker  [EMAIL PROTECTED]
  The bigger they are, the harder they hit.
Get my GnuPG public key at: http://www.blckknght.org/pubkey.asc
Fingerprint: 272A 3EC8 52CE F22B F745  775E 5292 F743 EBD5 936B

Re: Two questions about /etc/apt/sources.list

2001-10-23 Thread Steven Barker 

On Tue, Oct 23, 2001 at 04:51:13PM +0800, Zhenguang Mo (163) wrote:
> thanks for your help.
> basicaly, the following three line is good enough to keep my potato debian
> up to date?
> 
> deb http://http.us.debian.org/debian stable main contrib non-free
> (#for standard us debian)
> deb http://non-us.debian.org/debian-non-US stable/non-US main contrib
> non-free  (#for non-us debian)
> deb http://security.debian.org stable/updates main contrib non-free (# for
> security update)

Yes, these three lines are good.

> the last line is for BOTH standard us debian update AND non-us debian
> update, right?

Yes, stable/updates does include non-us packages (like ssh) so you should
be kept up on all security updates.

-- 
Steven Barker  [EMAIL PROTECTED]
  The bigger they are, the harder they hit.
Get my GnuPG public key at: http://www.blckknght.org/pubkey.asc
Fingerprint: 272A 3EC8 52CE F22B F745  775E 5292 F743 EBD5 936B


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: Two questions about /etc/apt/sources.list

2001-10-23 Thread Zhenguang Mo \(163\) 
thanks for your help.
basicaly, the following three line is good enough to keep my potato debian
up to date?

deb http://http.us.debian.org/debian stable main contrib non-free
(#for standard us debian)
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib
non-free(#for non-us debian)
deb http://security.debian.org stable/updates main contrib non-free (# for
security update)

the last line is for BOTH standard us debian update AND non-us debian
update, right?

good day
Mo
-Original Message-
From: Steven Barker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 23, 2001 4:06 PM
To: debian-security@lists.debian.org
Subject: Re: Two questions about /etc/apt/sources.list


On Tue, Oct 23, 2001 at 02:43:48PM +0800, Zhenguang Mo (163) wrote:
> Hi,
> 
> Q1: 
> is http://security.debian.org/dists/ and
> http://security.debian.org/debian-security/dists/ the same thing?

I'm pretty sure they are.  I can't seem to check as ftp won't let me ls
currently (I think that machine is still being upgraded, but maybe it just
doesn't like me tonight).

> Q2: do i also need to have a line saying
> deb http://security.debian.org/debian-non-US potato/non-US main
> contrib non-free
> for non-us update?

You discovered the wonders of virtual hosting.  Both non-us.debian.org and
security.debian.org are on the same machine (also known as
pandora.debian.org).  Depending on what hostname you use to access it, you
get a slightly different directory hierarchy.  I'm not quite sure what your
question is however.  You won't get non-us security updates by putting
 deb http://security.debian.org/debian-non-US potato/non-US main
in sources.list because that is the same as the line
 deb http://non-us.debian.org/debian-non-US potato/non-US main
which I presume you already have.  I think (and I hope somebody will correct
me if I'm wrong) that as the security updates are already being provided on
a non-us machine, they include non-us packages along with the regular ones.

-- 
Steven Barker  [EMAIL PROTECTED]
  You will stop at nothing to reach your objective, but only because your
  brakes are defective.
GnuPG public key: http://www.students.uiuc.edu/~scbarker/pubkey.asc
Fingerprint: 272A 3EC8 52CE F22B F745  775E 5292 F743 EBD5 936B


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]

Re: Two questions about /etc/apt/sources.list

2001-10-23 Thread Steven Barker 
On Tue, Oct 23, 2001 at 02:43:48PM +0800, Zhenguang Mo (163) wrote:
> Hi,
> 
> Q1: 
> is http://security.debian.org/dists/ and
> http://security.debian.org/debian-security/dists/ the same thing?

I'm pretty sure they are.  I can't seem to check as ftp won't let me ls
currently (I think that machine is still being upgraded, but maybe it just
doesn't like me tonight).

> Q2: do i also need to have a line saying
> deb http://security.debian.org/debian-non-US potato/non-US main
> contrib non-free
> for non-us update?

You discovered the wonders of virtual hosting.  Both non-us.debian.org and
security.debian.org are on the same machine (also known as
pandora.debian.org).  Depending on what hostname you use to access it, you
get a slightly different directory hierarchy.  I'm not quite sure what your
question is however.  You won't get non-us security updates by putting
 deb http://security.debian.org/debian-non-US potato/non-US main
in sources.list because that is the same as the line
 deb http://non-us.debian.org/debian-non-US potato/non-US main
which I presume you already have.  I think (and I hope somebody will correct
me if I'm wrong) that as the security updates are already being provided on
a non-us machine, they include non-us packages along with the regular ones.

-- 
Steven Barker  [EMAIL PROTECTED]
  You will stop at nothing to reach your objective, but only because your
  brakes are defective.
GnuPG public key: http://www.students.uiuc.edu/~scbarker/pubkey.asc
Fingerprint: 272A 3EC8 52CE F22B F745  775E 5292 F743 EBD5 936B

Two questions about /etc/apt/sources.list

2001-10-23 Thread Zhenguang Mo \(163\) 
Hi,

Q1: 
is http://security.debian.org/dists/ and
http://security.debian.org/debian-security/dists/ the same thing?

Q2: do i also need to have a line saying
deb http://security.debian.org/debian-non-US potato/non-US main
contrib non-free
for non-us update?

thanks
Mo

RE: Two questions about /etc/apt/sources.list

2001-10-23 Thread Zhenguang Mo (163) 

thanks for your help.
basicaly, the following three line is good enough to keep my potato debian
up to date?

deb http://http.us.debian.org/debian stable main contrib non-free
(#for standard us debian)
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib
non-free(#for non-us debian)
deb http://security.debian.org stable/updates main contrib non-free (# for
security update)

the last line is for BOTH standard us debian update AND non-us debian
update, right?

good day
Mo
-Original Message-
From: Steven Barker [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 4:06 PM
To: [EMAIL PROTECTED]
Subject: Re: Two questions about /etc/apt/sources.list


On Tue, Oct 23, 2001 at 02:43:48PM +0800, Zhenguang Mo (163) wrote:
> Hi,
> 
> Q1: 
> is http://security.debian.org/dists/ and
> http://security.debian.org/debian-security/dists/ the same thing?

I'm pretty sure they are.  I can't seem to check as ftp won't let me ls
currently (I think that machine is still being upgraded, but maybe it just
doesn't like me tonight).

> Q2: do i also need to have a line saying
> deb http://security.debian.org/debian-non-US potato/non-US main
> contrib non-free
> for non-us update?

You discovered the wonders of virtual hosting.  Both non-us.debian.org and
security.debian.org are on the same machine (also known as
pandora.debian.org).  Depending on what hostname you use to access it, you
get a slightly different directory hierarchy.  I'm not quite sure what your
question is however.  You won't get non-us security updates by putting
 deb http://security.debian.org/debian-non-US potato/non-US main
in sources.list because that is the same as the line
 deb http://non-us.debian.org/debian-non-US potato/non-US main
which I presume you already have.  I think (and I hope somebody will correct
me if I'm wrong) that as the security updates are already being provided on
a non-us machine, they include non-us packages along with the regular ones.

-- 
Steven Barker  [EMAIL PROTECTED]
  You will stop at nothing to reach your objective, but only because your
  brakes are defective.
GnuPG public key: http://www.students.uiuc.edu/~scbarker/pubkey.asc
Fingerprint: 272A 3EC8 52CE F22B F745  775E 5292 F743 EBD5 936B


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Two questions about /etc/apt/sources.list

2001-10-23 Thread Steven Barker 

On Tue, Oct 23, 2001 at 02:43:48PM +0800, Zhenguang Mo (163) wrote:
> Hi,
> 
> Q1: 
> is http://security.debian.org/dists/ and
> http://security.debian.org/debian-security/dists/ the same thing?

I'm pretty sure they are.  I can't seem to check as ftp won't let me ls
currently (I think that machine is still being upgraded, but maybe it just
doesn't like me tonight).

> Q2: do i also need to have a line saying
> deb http://security.debian.org/debian-non-US potato/non-US main
> contrib non-free
> for non-us update?

You discovered the wonders of virtual hosting.  Both non-us.debian.org and
security.debian.org are on the same machine (also known as
pandora.debian.org).  Depending on what hostname you use to access it, you
get a slightly different directory hierarchy.  I'm not quite sure what your
question is however.  You won't get non-us security updates by putting
 deb http://security.debian.org/debian-non-US potato/non-US main
in sources.list because that is the same as the line
 deb http://non-us.debian.org/debian-non-US potato/non-US main
which I presume you already have.  I think (and I hope somebody will correct
me if I'm wrong) that as the security updates are already being provided on
a non-us machine, they include non-us packages along with the regular ones.

-- 
Steven Barker  [EMAIL PROTECTED]
  You will stop at nothing to reach your objective, but only because your
  brakes are defective.
GnuPG public key: http://www.students.uiuc.edu/~scbarker/pubkey.asc
Fingerprint: 272A 3EC8 52CE F22B F745  775E 5292 F743 EBD5 936B


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Two questions about /etc/apt/sources.list

2001-10-22 Thread Zhenguang Mo (163) 

Hi,

Q1: 
is http://security.debian.org/dists/ and
http://security.debian.org/debian-security/dists/ the same thing?

Q2: do i also need to have a line saying
deb http://security.debian.org/debian-non-US potato/non-US main
contrib non-free
for non-us update?

thanks
Mo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Daniel Jacobowitz 
On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
>Can I get a few recommendations on the proper sources.list for
>a system running woody, that includes the security updates?  I
>recently did an apt-get update && apt-get upgrade and the
>security updates cause dependancy issues that I couldn't
>recover from and made my system unbootable, since lilo was
>involved.  I'm scared to death to run another update/upgrade
>since I had to rebuild the system from scratch!

As others have said - don't do this :)

If security is especially important to you, run stable with security
updates, or track unstable daily and hope maintainers are responsive. 
We try to see that woody is in coherent shape just before release, but
we can't supply fixes for it on any more urgent basis.  It moves too
fast.

-- 
Daniel Jacobowitz   Carnegie Mellon University
MontaVista Software Debian GNU/Linux Developer

Re: apt sources.list

2001-08-21 Thread Daniel Jacobowitz 

On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
>Can I get a few recommendations on the proper sources.list for
>a system running woody, that includes the security updates?  I
>recently did an apt-get update && apt-get upgrade and the
>security updates cause dependancy issues that I couldn't
>recover from and made my system unbootable, since lilo was
>involved.  I'm scared to death to run another update/upgrade
>since I had to rebuild the system from scratch!

As others have said - don't do this :)

If security is especially important to you, run stable with security
updates, or track unstable daily and hope maintainers are responsive. 
We try to see that woody is in coherent shape just before release, but
we can't supply fixes for it on any more urgent basis.  It moves too
fast.

-- 
Daniel Jacobowitz   Carnegie Mellon University
MontaVista Software Debian GNU/Linux Developer


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Steven James 
Greetings,

A better solution might be to install Potato, then recompile the src debs from 
woody for the few packages that you actually need.

G'day,
sjames


Quoting Jeff Coppock <[EMAIL PROTECTED]>:

> Mike Renfro, 2001-Aug-21 14:40 -0500:
> > On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
> > 
> > >Can I get a few recommendations on the proper sources.list for a
> > >system running woody, that includes the security updates?
> > 
> > Woody would be my last choice for a automagically secure
> installation:
> > 
> > * it gets no packages of any kind that haven't been in unstable for
> >2
> >   weeks with no release-critical bugs. Security fixes are not an
> exception
> >   to this rule.
> > 
> > * most of the packages in security.debian.org have nearly identical
> >   versions to potato -- Debian tends not to upgrade versions to fix
> >   bugs, but instead backports patches into the current potato
> versions.
> >   This means that apt-get upgrade (or dist-upgrade) will tend to
> >   ignore security packages, since you'll already have a newer version
> >   installed. apt-get upgrade doesn't check dates, changelogs, or
> >   anything but the literal numeric version number.
> > 
> > Running stable+security.debian.org is really the only *easy*
> solution,
> > followed by running testing+(selected packages from unstable with
> > security updates and probably other changes, too), and lastly by
> > running fully unstable. Ok, those last two don't qualify as easy to
> me
> > at all.
> > 
> > For me, it's not even a question -- you want security, you run stable
> > and keep security.debian.org in your sources.list.
> > 
> > -- 
> > Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
> > 931 372-3601 / Tennessee Technological University --
> [EMAIL PROTECTED]
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> > 
> 
>Thanks for this explanation.  I see what you mean, if I want
>security updates.  
>
>I feel a bit stuck with woody though, since I want to use
>iptables instead of ipchains.  I think I'll remove the
>security source until I figure out a better way.
>
>thanks,
>jc
> 
> -- 
> 
> Jeff Coppock  Nortel Networks
> Systems Engineer  http://nortelnetworks.com
> Major Accts.  Santa Clara, CA
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 



-steven james, director of research, linux labs
LinuxBIOS Cluster Solutions 230 peachtree st nw ste 701
High-Speed Colocation, Hosting, atlanta.ga.us 30303
Web Design, Linux Hardware,http://www.linuxlabs.com
Development & Support Since 1995  404.577.7747 fax 404.577.7743
---

Re: apt sources.list

2001-08-21 Thread Philipp Schulte 
On Tue, Aug 21, 2001 at 01:24:16PM -0700, Jeff Coppock wrote: 

>I feel a bit stuck with woody though, since I want to use
>iptables instead of ipchains.  I think I'll remove the
>security source until I figure out a better way.

It is possible to run kernel 2.4.x (with iptables) on a potato
system. You just need to upgrade the modutils and util-linux packages
if you want to use modules with kernel 2.4
Phil

Re: apt sources.list

2001-08-21 Thread Eric N. Valor 

At 01:24 PM 8/21/2001 -0700, Jeff Coppock wrote:

Mike Renfro, 2001-Aug-21 14:40 -0500:
> On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
>
> >Can I get a few recommendations on the proper sources.list for a
> >system running woody, that includes the security updates?
>
> Woody would be my last choice for a automagically secure installation:

   Thanks for this explanation.  I see what you mean, if I want
   security updates.

   I feel a bit stuck with woody though, since I want to use
   iptables instead of ipchains.  I think I'll remove the
   security source until I figure out a better way.


If you want to use IPTables, simply upgrade your kernel.  ftp.kernel.org 
and schlurp down the linux-v2.4.x of your choice (I'm using 2.4.6 right 
now).  Then apt-get install iptables and you're set.




--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
[EMAIL PROTECTED]

- This Space Intentionally Left Blank -

Re: apt sources.list

2001-08-21 Thread Hubert Chan 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> "Jeff" == Jeff Coppock <[EMAIL PROTECTED]> writes:

Jeff>I feel a bit stuck with woody though, since I want to use
Jeff> iptables instead of ipchains.  I think I'll remove the security
Jeff> source until I figure out a better way.

Adrian Bunk has all that you need for kernel 2.4.x on Potato (including
iptables):
http://people.debian.org/~bunk/debian/dists/potato/main/binary-i386/

- -- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/651854DF71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7gsjiZRhU33H9o38RAjeKAKC8L8mOFBJ/QzKG/iMUpHJr5M4HLwCg05EI
hjb88wvLOLp4O9eObhX+uV4=
=pBxt
-END PGP SIGNATURE-

Re: apt sources.list

2001-08-21 Thread Jeff Coppock 
Mike Renfro, 2001-Aug-21 14:40 -0500:
> On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
> 
> >Can I get a few recommendations on the proper sources.list for a
> >system running woody, that includes the security updates?
> 
> Woody would be my last choice for a automagically secure installation:
> 
> * it gets no packages of any kind that haven't been in unstable for >2
>   weeks with no release-critical bugs. Security fixes are not an exception
>   to this rule.
> 
> * most of the packages in security.debian.org have nearly identical
>   versions to potato -- Debian tends not to upgrade versions to fix
>   bugs, but instead backports patches into the current potato versions.
>   This means that apt-get upgrade (or dist-upgrade) will tend to
>   ignore security packages, since you'll already have a newer version
>   installed. apt-get upgrade doesn't check dates, changelogs, or
>   anything but the literal numeric version number.
> 
> Running stable+security.debian.org is really the only *easy* solution,
> followed by running testing+(selected packages from unstable with
> security updates and probably other changes, too), and lastly by
> running fully unstable. Ok, those last two don't qualify as easy to me
> at all.
> 
> For me, it's not even a question -- you want security, you run stable
> and keep security.debian.org in your sources.list.
> 
> -- 
> Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
> 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

   Thanks for this explanation.  I see what you mean, if I want
   security updates.  
   
   I feel a bit stuck with woody though, since I want to use
   iptables instead of ipchains.  I think I'll remove the
   security source until I figure out a better way.
   
   thanks,
   jc

-- 

Jeff CoppockNortel Networks
Systems Engineerhttp://nortelnetworks.com
Major Accts.Santa Clara, CA

Re: apt sources.list

2001-08-21 Thread Mike Renfro 
On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:

>Can I get a few recommendations on the proper sources.list for a
>system running woody, that includes the security updates?

Woody would be my last choice for a automagically secure installation:

* it gets no packages of any kind that haven't been in unstable for >2
  weeks with no release-critical bugs. Security fixes are not an exception
  to this rule.

* most of the packages in security.debian.org have nearly identical
  versions to potato -- Debian tends not to upgrade versions to fix
  bugs, but instead backports patches into the current potato versions.
  This means that apt-get upgrade (or dist-upgrade) will tend to
  ignore security packages, since you'll already have a newer version
  installed. apt-get upgrade doesn't check dates, changelogs, or
  anything but the literal numeric version number.

Running stable+security.debian.org is really the only *easy* solution,
followed by running testing+(selected packages from unstable with
security updates and probably other changes, too), and lastly by
running fully unstable. Ok, those last two don't qualify as easy to me
at all.

For me, it's not even a question -- you want security, you run stable
and keep security.debian.org in your sources.list.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Steven James 

Greetings,

A better solution might be to install Potato, then recompile the src debs from woody 
for the few packages that you actually need.

G'day,
sjames


Quoting Jeff Coppock <[EMAIL PROTECTED]>:

> Mike Renfro, 2001-Aug-21 14:40 -0500:
> > On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
> > 
> > >Can I get a few recommendations on the proper sources.list for a
> > >system running woody, that includes the security updates?
> > 
> > Woody would be my last choice for a automagically secure
> installation:
> > 
> > * it gets no packages of any kind that haven't been in unstable for
> >2
> >   weeks with no release-critical bugs. Security fixes are not an
> exception
> >   to this rule.
> > 
> > * most of the packages in security.debian.org have nearly identical
> >   versions to potato -- Debian tends not to upgrade versions to fix
> >   bugs, but instead backports patches into the current potato
> versions.
> >   This means that apt-get upgrade (or dist-upgrade) will tend to
> >   ignore security packages, since you'll already have a newer version
> >   installed. apt-get upgrade doesn't check dates, changelogs, or
> >   anything but the literal numeric version number.
> > 
> > Running stable+security.debian.org is really the only *easy*
> solution,
> > followed by running testing+(selected packages from unstable with
> > security updates and probably other changes, too), and lastly by
> > running fully unstable. Ok, those last two don't qualify as easy to
> me
> > at all.
> > 
> > For me, it's not even a question -- you want security, you run stable
> > and keep security.debian.org in your sources.list.
> > 
> > -- 
> > Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
> > 931 372-3601 / Tennessee Technological University --
> [EMAIL PROTECTED]
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> > 
> 
>Thanks for this explanation.  I see what you mean, if I want
>security updates.  
>
>I feel a bit stuck with woody though, since I want to use
>iptables instead of ipchains.  I think I'll remove the
>security source until I figure out a better way.
>
>thanks,
>jc
> 
> -- 
> 
> Jeff Coppock  Nortel Networks
> Systems Engineer  http://nortelnetworks.com
> Major Accts.  Santa Clara, CA
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 



-steven james, director of research, linux labs
LinuxBIOS Cluster Solutions 230 peachtree st nw ste 701
High-Speed Colocation, Hosting, atlanta.ga.us 30303
Web Design, Linux Hardware,http://www.linuxlabs.com
Development & Support Since 1995  404.577.7747 fax 404.577.7743
---


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Philipp Schulte 

On Tue, Aug 21, 2001 at 01:24:16PM -0700, Jeff Coppock wrote: 

>I feel a bit stuck with woody though, since I want to use
>iptables instead of ipchains.  I think I'll remove the
>security source until I figure out a better way.

It is possible to run kernel 2.4.x (with iptables) on a potato
system. You just need to upgrade the modutils and util-linux packages
if you want to use modules with kernel 2.4
Phil


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Eric N. Valor 

At 01:24 PM 8/21/2001 -0700, Jeff Coppock wrote:
>Mike Renfro, 2001-Aug-21 14:40 -0500:
> > On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
> >
> > >Can I get a few recommendations on the proper sources.list for a
> > >system running woody, that includes the security updates?
> >
> > Woody would be my last choice for a automagically secure installation:
>
>Thanks for this explanation.  I see what you mean, if I want
>security updates.
>
>I feel a bit stuck with woody though, since I want to use
>iptables instead of ipchains.  I think I'll remove the
>security source until I figure out a better way.

If you want to use IPTables, simply upgrade your kernel.  ftp.kernel.org 
and schlurp down the linux-v2.4.x of your choice (I'm using 2.4.6 right 
now).  Then apt-get install iptables and you're set.



--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
[EMAIL PROTECTED]

- This Space Intentionally Left Blank -


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Stig Brautaset 
* Jeff Coppock <[EMAIL PROTECTED]> spake thus:
>Can I get a few recommendations on the proper sources.list for
>a system running woody, that includes the security updates?  I
>recently did an apt-get update && apt-get upgrade and the
>security updates cause dependancy issues that I couldn't
>recover from and made my system unbootable, since lilo was
>involved.  I'm scared to death to run another update/upgrade
>since I had to rebuild the system from scratch!

I think that running dist-upgrade instead of merely upgrade will be a
good idea with woody/sid. I am not sure that it may have caused your
trouble however, there are probably more knowledgable people on the list
that can answer that though.


Regards, Stig
-- 
www.brautaset.org

Re: apt sources.list

2001-08-21 Thread Hubert Chan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> "Jeff" == Jeff Coppock <[EMAIL PROTECTED]> writes:

Jeff>I feel a bit stuck with woody though, since I want to use
Jeff> iptables instead of ipchains.  I think I'll remove the security
Jeff> source until I figure out a better way.

Adrian Bunk has all that you need for kernel 2.4.x on Potato (including
iptables):
http://people.debian.org/~bunk/debian/dists/potato/main/binary-i386/

- -- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/651854DF71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7gsjiZRhU33H9o38RAjeKAKC8L8mOFBJ/QzKG/iMUpHJr5M4HLwCg05EI
hjb88wvLOLp4O9eObhX+uV4=
=pBxt
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

apt sources.list

2001-08-21 Thread Jeff Coppock 
   Can I get a few recommendations on the proper sources.list for
   a system running woody, that includes the security updates?  I
   recently did an apt-get update && apt-get upgrade and the
   security updates cause dependancy issues that I couldn't
   recover from and made my system unbootable, since lilo was
   involved.  I'm scared to death to run another update/upgrade
   since I had to rebuild the system from scratch!
   
   thanks,
   jc
   
-- 

Jeff CoppockNortel Networks
Systems Engineerhttp://nortelnetworks.com
Major Accts.Santa Clara, CA

Re: apt sources.list

2001-08-21 Thread Jeff Coppock 

Mike Renfro, 2001-Aug-21 14:40 -0500:
> On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
> 
> >Can I get a few recommendations on the proper sources.list for a
> >system running woody, that includes the security updates?
> 
> Woody would be my last choice for a automagically secure installation:
> 
> * it gets no packages of any kind that haven't been in unstable for >2
>   weeks with no release-critical bugs. Security fixes are not an exception
>   to this rule.
> 
> * most of the packages in security.debian.org have nearly identical
>   versions to potato -- Debian tends not to upgrade versions to fix
>   bugs, but instead backports patches into the current potato versions.
>   This means that apt-get upgrade (or dist-upgrade) will tend to
>   ignore security packages, since you'll already have a newer version
>   installed. apt-get upgrade doesn't check dates, changelogs, or
>   anything but the literal numeric version number.
> 
> Running stable+security.debian.org is really the only *easy* solution,
> followed by running testing+(selected packages from unstable with
> security updates and probably other changes, too), and lastly by
> running fully unstable. Ok, those last two don't qualify as easy to me
> at all.
> 
> For me, it's not even a question -- you want security, you run stable
> and keep security.debian.org in your sources.list.
> 
> -- 
> Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
> 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

   Thanks for this explanation.  I see what you mean, if I want
   security updates.  
   
   I feel a bit stuck with woody though, since I want to use
   iptables instead of ipchains.  I think I'll remove the
   security source until I figure out a better way.
   
   thanks,
   jc

-- 

Jeff CoppockNortel Networks
Systems Engineerhttp://nortelnetworks.com
Major Accts.Santa Clara, CA


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Mike Renfro 

On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:

>Can I get a few recommendations on the proper sources.list for a
>system running woody, that includes the security updates?

Woody would be my last choice for a automagically secure installation:

* it gets no packages of any kind that haven't been in unstable for >2
  weeks with no release-critical bugs. Security fixes are not an exception
  to this rule.

* most of the packages in security.debian.org have nearly identical
  versions to potato -- Debian tends not to upgrade versions to fix
  bugs, but instead backports patches into the current potato versions.
  This means that apt-get upgrade (or dist-upgrade) will tend to
  ignore security packages, since you'll already have a newer version
  installed. apt-get upgrade doesn't check dates, changelogs, or
  anything but the literal numeric version number.

Running stable+security.debian.org is really the only *easy* solution,
followed by running testing+(selected packages from unstable with
security updates and probably other changes, too), and lastly by
running fully unstable. Ok, those last two don't qualify as easy to me
at all.

For me, it's not even a question -- you want security, you run stable
and keep security.debian.org in your sources.list.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt sources.list

2001-08-21 Thread Stig Brautaset 

* Jeff Coppock <[EMAIL PROTECTED]> spake thus:
>Can I get a few recommendations on the proper sources.list for
>a system running woody, that includes the security updates?  I
>recently did an apt-get update && apt-get upgrade and the
>security updates cause dependancy issues that I couldn't
>recover from and made my system unbootable, since lilo was
>involved.  I'm scared to death to run another update/upgrade
>since I had to rebuild the system from scratch!

I think that running dist-upgrade instead of merely upgrade will be a
good idea with woody/sid. I am not sure that it may have caused your
trouble however, there are probably more knowledgable people on the list
that can answer that though.


Regards, Stig
-- 
www.brautaset.org


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

apt sources.list

2001-08-21 Thread Jeff Coppock 

   Can I get a few recommendations on the proper sources.list for
   a system running woody, that includes the security updates?  I
   recently did an apt-get update && apt-get upgrade and the
   security updates cause dependancy issues that I couldn't
   recover from and made my system unbootable, since lilo was
   involved.  I'm scared to death to run another update/upgrade
   since I had to rebuild the system from scratch!
   
   thanks,
   jc
   
-- 

Jeff CoppockNortel Networks
Systems Engineerhttp://nortelnetworks.com
Major Accts.Santa Clara, CA


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-13 Thread Jerome Demeyer 
You could mirror the nearest debian's ftp mirror, make your box an internal ftp 
server, with proftpd for example.
next, on the other boxes, you do an apt-config where you set your source as a 
ftp server, obviously yours... et voilà !

Jerome Demeyer.

- Original Message - 
From: Giacomo Mulas <[EMAIL PROTECTED]>
To: security debian 
Sent: Tuesday, February 13, 2001 11:41 AM
Subject: Re: sources.list


> On Sat, 10 Feb 2001, Duane Powers wrote:
> 
> > I have a question - I have a dozen boxen that I am maintaining, all with 
> > Debian ( almost all potato - one woody) I would like to save bandwidth 
> > and centralize administration by utilizing one of the boxes as a apt-get 
> > source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> > box, and save all the .deb's then use those .deb's for the other boxen 
> > without actually mirroring the whole debian site.
> 
> Here is one way to do it: 
> 
> - install a web proxy (e.g. squid) on one of your computers
> - direct apt to go through the proxy (you need to add one line to the apt
> configuration file, I don't quite remember the syntax but you will find it
> in the man page)
> 
> In this way, the first box you upgrade will cause the proxy server to
> download the packages, all the subsequent ones will get the cached file.
> 
> Bye
> Giacomo
>

Re: sources.list

2001-02-13 Thread Giacomo Mulas 
On Sat, 10 Feb 2001, Duane Powers wrote:

> I have a question - I have a dozen boxen that I am maintaining, all with 
> Debian ( almost all potato - one woody) I would like to save bandwidth 
> and centralize administration by utilizing one of the boxes as a apt-get 
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> box, and save all the .deb's then use those .deb's for the other boxen 
> without actually mirroring the whole debian site.

Here is one way to do it: 

- install a web proxy (e.g. squid) on one of your computers
- direct apt to go through the proxy (you need to add one line to the apt
configuration file, I don't quite remember the syntax but you will find it
in the man page)

In this way, the first box you upgrade will cause the proxy server to
download the packages, all the subsequent ones will get the cached file.

Bye
Giacomo

_

Giacomo Mulas <[EMAIL PROTECTED], [EMAIL PROTECTED]>
_

OSSERVATORIO  ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216 Fax : +39 070 71180 222
_

"When the storms are raging around you, stay right where you are"
 (Freddy Mercury)
_

Re: sources.list

2001-02-13 Thread Jerome Demeyer 

You could mirror the nearest debian's ftp mirror, make your box an internal ftp 
server, with proftpd for example.
next, on the other boxes, you do an apt-config where you set your source as a ftp 
server, obviously yours... et voilà !

Jerome Demeyer.

- Original Message - 
From: Giacomo Mulas <[EMAIL PROTECTED]>
To: security debian <[EMAIL PROTECTED]>
Sent: Tuesday, February 13, 2001 11:41 AM
Subject: Re: sources.list


> On Sat, 10 Feb 2001, Duane Powers wrote:
> 
> > I have a question - I have a dozen boxen that I am maintaining, all with 
> > Debian ( almost all potato - one woody) I would like to save bandwidth 
> > and centralize administration by utilizing one of the boxes as a apt-get 
> > source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> > box, and save all the .deb's then use those .deb's for the other boxen 
> > without actually mirroring the whole debian site.
> 
> Here is one way to do it: 
> 
> - install a web proxy (e.g. squid) on one of your computers
> - direct apt to go through the proxy (you need to add one line to the apt
> configuration file, I don't quite remember the syntax but you will find it
> in the man page)
> 
> In this way, the first box you upgrade will cause the proxy server to
> download the packages, all the subsequent ones will get the cached file.
> 
> Bye
> Giacomo
> 


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-13 Thread Giacomo Mulas 

On Sat, 10 Feb 2001, Duane Powers wrote:

> I have a question - I have a dozen boxen that I am maintaining, all with 
> Debian ( almost all potato - one woody) I would like to save bandwidth 
> and centralize administration by utilizing one of the boxes as a apt-get 
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> box, and save all the .deb's then use those .deb's for the other boxen 
> without actually mirroring the whole debian site.

Here is one way to do it: 

- install a web proxy (e.g. squid) on one of your computers
- direct apt to go through the proxy (you need to add one line to the apt
configuration file, I don't quite remember the syntax but you will find it
in the man page)

In this way, the first box you upgrade will cause the proxy server to
download the packages, all the subsequent ones will get the cached file.

Bye
Giacomo

_

Giacomo Mulas <[EMAIL PROTECTED], [EMAIL PROTECTED]>
_

OSSERVATORIO  ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216 Fax : +39 070 71180 222
_

"When the storms are raging around you, stay right where you are"
 (Freddy Mercury)
_


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-12 Thread Fraser Campbell 
Duane Powers <[EMAIL PROTECTED]> writes:

> I have a question - I have a dozen boxen that I am maintaining, all with 
> Debian ( almost all potato - one woody) I would like to save bandwidth 
> and centralize administration by utilizing one of the boxes as a apt-get 
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> box, and save all the .deb's then use those .deb's for the other boxen 
> without actually mirroring the whole debian site.

I've taken the simple route ... squid.  Install squid, on all your boxes
export the http_proxy (and/or ftp_proxy) environment variable.  apt-get will
pull everything through squid.  The next box you upgrade will have cached
.debs in squid.  This of course doesn't save things permanently which may be
what you want.

Someone mentioned apt-proxy, there is also apt-move which will take
/var/cache/apt/archives/*.deb and move them into a local Debian heirarchy.

-- 
fraser campbell <[EMAIL PROTECTED]>  starnix inc.
tollfree: (905) 771-0017thornhill, ontario, canada
http://www.starnix.com/ professional linux services & products

Re: sources.list

2001-02-12 Thread Fraser Campbell 

Duane Powers <[EMAIL PROTECTED]> writes:

> I have a question - I have a dozen boxen that I am maintaining, all with 
> Debian ( almost all potato - one woody) I would like to save bandwidth 
> and centralize administration by utilizing one of the boxes as a apt-get 
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> box, and save all the .deb's then use those .deb's for the other boxen 
> without actually mirroring the whole debian site.

I've taken the simple route ... squid.  Install squid, on all your boxes
export the http_proxy (and/or ftp_proxy) environment variable.  apt-get will
pull everything through squid.  The next box you upgrade will have cached
.debs in squid.  This of course doesn't save things permanently which may be
what you want.

Someone mentioned apt-proxy, there is also apt-move which will take
/var/cache/apt/archives/*.deb and move them into a local Debian heirarchy.

-- 
fraser campbell <[EMAIL PROTECTED]>  starnix inc.
tollfree: (905) 771-0017thornhill, ontario, canada
http://www.starnix.com/ professional linux services & products


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-11 Thread Duane Powers 
Matthew H. Ray wrote:
Duane Powers wrote:
  I have a question - I have a dozen boxen that I am maintaining, all withDebian ( almost all potato - one woody) I would like to save bandwidthand centralize administration by utilizing one of the boxes as a apt-getsource. then I can apt-get update ; apt-get dist-upgrade ; done, on onebox, and save all the .deb's then use those .deb's for the other boxenwithout actually mirroring the whole debian site.I know it's configurable - I don't know how.I read the man for sources.list, but I don't know how to set up thewebserver to understand the following;
I have a very similiar setup at work.  There's a debian package calledmirror (apt-get install mirror) that comes with examples that can beused to mirror a Debian mirror (tweak to exclude what you don't need (inmy case everything but i386).  Install it on a box that has a couple ofgigs of HD space for setting up your private mirror.  Then setupanonymous FTP on the mirror box.  Once you have your server mirroringproperly, you simply insert the lines into your sources.list of each ofyour boxen.  Here's mine.deb ftp://internal_mirror potato main contrib non-freedeb ftp://internal_mirror dists/proposed-updates/deb http://non-us.debian.org potato/non-US main contrib non-freedeb http://security.debian.org potato/updates main contrib non-freedeb ftp://ftp.twoguys.org/debian potato main contrib non-freedeb ftp://ftp.twoguys.org/debian dists/proposed-updates/If something isn't on the internal mirror, it pulls it off of theexternal mirror.  Add the mirror call into your crontab (mine updatesnightly at 3 am).

Thanks to everyone for the prompt (and great ) responses, I've implemented
a setup like the above, and it seems to be working, thanks again 

~duane

Re: sources.list

2001-02-11 Thread Duane Powers 
Matthew H. Ray wrote:
[EMAIL PROTECTED]">Duane Powers wrote:
  I have a question - I have a dozen boxen that I am maintaining, all withDebian ( almost all potato - one woody) I would like to save bandwidthand centralize administration by utilizing one of the boxes as a apt-getsource. then I can apt-get update ; apt-get dist-upgrade ; done, on onebox, and save all the .deb's then use those .deb's for the other boxenwithout actually mirroring the whole debian site.I know it's configurable - I don't know how.I read the man for sources.list, but I don't know how to set up thewebserver to understand the following;
I have a very similiar setup at work.  There's a debian package calledmirror (apt-get install mirror) that comes with examples that can beused to mirror a Debian mirror (tweak to exclude what you don't need (inmy case everything but i386).  Install it on a box that has a couple ofgigs of HD space for setting up your private mirror.  Then setupanonymous FTP on the mirror box.  Once you have your server mirroringproperly, you simply insert the lines into your sources.list of each ofyour boxen.  Here's mine.deb ftp://internal_mirror potato main contrib non-freedeb ftp://internal_mirror dists/proposed-updates/deb http://non-us.debian.org potato/non-US main contrib non-freedeb http://security.debian.org potato/updates main contrib non-freedeb ftp://ftp.twoguys.org/debian potato main contrib non-freedeb ftp://ftp.twoguys.org/debian dists/proposed-updates/If something isn't on the internal mirror, it pulls it off of theexternal mirror.  Add the mirror call into your crontab (mine updatesnightly at 3 am).

Thanks to everyone for the prompt (and great ) responses, I've implemented
a setup like the above, and it seems to be working, thanks again 

~duane
[EMAIL PROTECTED]">

Re: sources.list

2001-02-10 Thread \"CHiPs\" 
"Matthew H. Ray" wrote:
> 
> Duane Powers wrote:
> >
> > I have a question - I have a dozen boxen that I am maintaining, all with
> > Debian ( almost all potato - one woody) I would like to save bandwidth
> > and centralize administration by utilizing one of the boxes as a apt-get
> > source. then I can apt-get update ; apt-get dist-upgrade ; done, on one
> > box, and save all the .deb's then use those .deb's for the other boxen
> > without actually mirroring the whole debian site.
> >
> > I know it's configurable - I don't know how.
> > I read the man for sources.list, but I don't know how to set up the
> > webserver to understand the following;
> 
> I have a very similiar setup at work.  There's a debian package called
> mirror (apt-get install mirror) that comes with examples that can be
> used to mirror a Debian mirror (tweak to exclude what you don't need (in
> my case everything but i386).  Install it on a box that has a couple of
> gigs of HD space for setting up your private mirror.  Then setup
> anonymous FTP on the mirror box.  Once you have your server mirroring
> properly, you simply insert the lines into your sources.list of each of
> your boxen.  Here's mine.

If the installed packages the machines are close enough, you can save 
HD space using apt-move (woody v4 is far more better than potato v3 and 
works well when compiled on potato), and setup a local mirror for the 
installed packages of the reference machine.

You can then have apache or another HTTP server (or an FTP server) 
distribute this packages to the other machines.

Hope that helps !

-- 
Christophe "CHiPs" PETIT <[EMAIL PROTECTED]>   http://chips.free.fr/
Linux-Nantes: Partagez Votre Savoir   http://www.linux-nantes.fr.eu.org/
http://www.debian.org/  Debian: When Code Matters More Than Commercials.
 11:38pm  up 6 days, 11:17,  1 user,  load average: 0.13, 0.17, 0.12

Re: sources.list

2001-02-10 Thread \"CHiPs\" 

"Matthew H. Ray" wrote:
> 
> Duane Powers wrote:
> >
> > I have a question - I have a dozen boxen that I am maintaining, all with
> > Debian ( almost all potato - one woody) I would like to save bandwidth
> > and centralize administration by utilizing one of the boxes as a apt-get
> > source. then I can apt-get update ; apt-get dist-upgrade ; done, on one
> > box, and save all the .deb's then use those .deb's for the other boxen
> > without actually mirroring the whole debian site.
> >
> > I know it's configurable - I don't know how.
> > I read the man for sources.list, but I don't know how to set up the
> > webserver to understand the following;
> 
> I have a very similiar setup at work.  There's a debian package called
> mirror (apt-get install mirror) that comes with examples that can be
> used to mirror a Debian mirror (tweak to exclude what you don't need (in
> my case everything but i386).  Install it on a box that has a couple of
> gigs of HD space for setting up your private mirror.  Then setup
> anonymous FTP on the mirror box.  Once you have your server mirroring
> properly, you simply insert the lines into your sources.list of each of
> your boxen.  Here's mine.

If the installed packages the machines are close enough, you can save 
HD space using apt-move (woody v4 is far more better than potato v3 and 
works well when compiled on potato), and setup a local mirror for the 
installed packages of the reference machine.

You can then have apache or another HTTP server (or an FTP server) 
distribute this packages to the other machines.

Hope that helps !

-- 
Christophe "CHiPs" PETIT <[EMAIL PROTECTED]>   http://chips.free.fr/
Linux-Nantes: Partagez Votre Savoir   http://www.linux-nantes.fr.eu.org/
http://www.debian.org/  Debian: When Code Matters More Than Commercials.
 11:38pm  up 6 days, 11:17,  1 user,  load average: 0.13, 0.17, 0.12


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-10 Thread Matthew H. Ray 
Duane Powers wrote:
> 
> I have a question - I have a dozen boxen that I am maintaining, all with
> Debian ( almost all potato - one woody) I would like to save bandwidth
> and centralize administration by utilizing one of the boxes as a apt-get
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one
> box, and save all the .deb's then use those .deb's for the other boxen
> without actually mirroring the whole debian site.
> 
> I know it's configurable - I don't know how.
> I read the man for sources.list, but I don't know how to set up the
> webserver to understand the following;

I have a very similiar setup at work.  There's a debian package called
mirror (apt-get install mirror) that comes with examples that can be
used to mirror a Debian mirror (tweak to exclude what you don't need (in
my case everything but i386).  Install it on a box that has a couple of
gigs of HD space for setting up your private mirror.  Then setup
anonymous FTP on the mirror box.  Once you have your server mirroring
properly, you simply insert the lines into your sources.list of each of
your boxen.  Here's mine.

deb ftp://internal_mirror potato main contrib non-free
deb ftp://internal_mirror dists/proposed-updates/
deb http://non-us.debian.org potato/non-US main contrib non-free
deb http://security.debian.org potato/updates main contrib non-free
deb ftp://ftp.twoguys.org/debian potato main contrib non-free
deb ftp://ftp.twoguys.org/debian dists/proposed-updates/

If something isn't on the internal mirror, it pulls it off of the
external mirror.  Add the mirror call into your crontab (mine updates
nightly at 3 am).

-- 
Matt Ray
[EMAIL PROTECTED]

Re: sources.list

2001-02-10 Thread Rolf Kutz 
Duane Powers ([EMAIL PROTECTED]) wrote:

> I have a question - I have a dozen boxen that I am maintaining, all with 
> Debian ( almost all potato - one woody) I would like to save bandwidth 
> and centralize administration by utilizing one of the boxes as a apt-get 
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> box, and save all the .deb's then use those .deb's for the other boxen 
> without actually mirroring the whole debian site.

Install a Proxy-Server (squid f.e.) and put 

Acquire::http::Proxy "http://your.proxy.server:port";;

in your /etc/apt/apt.conf

Works fine with me.

cu, Rolf

Re: sources.list

2001-02-10 Thread Duane Powers 
I have a question - I have a dozen boxen that I am maintaining, all with 
Debian ( almost all potato - one woody) I would like to save bandwidth 
and centralize administration by utilizing one of the boxes as a apt-get 
source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
box, and save all the .deb's then use those .deb's for the other boxen 
without actually mirroring the whole debian site.


I know it's configurable - I don't know how.
I read the man for sources.list, but I don't know how to set up the 
webserver to understand the following;


deb www.mybox.org debian/ Packages

thanks in advance for any help,

~duane

Re: sources.list

2001-02-10 Thread Matthew H. Ray 

Duane Powers wrote:
> 
> I have a question - I have a dozen boxen that I am maintaining, all with
> Debian ( almost all potato - one woody) I would like to save bandwidth
> and centralize administration by utilizing one of the boxes as a apt-get
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one
> box, and save all the .deb's then use those .deb's for the other boxen
> without actually mirroring the whole debian site.
> 
> I know it's configurable - I don't know how.
> I read the man for sources.list, but I don't know how to set up the
> webserver to understand the following;

I have a very similiar setup at work.  There's a debian package called
mirror (apt-get install mirror) that comes with examples that can be
used to mirror a Debian mirror (tweak to exclude what you don't need (in
my case everything but i386).  Install it on a box that has a couple of
gigs of HD space for setting up your private mirror.  Then setup
anonymous FTP on the mirror box.  Once you have your server mirroring
properly, you simply insert the lines into your sources.list of each of
your boxen.  Here's mine.

deb ftp://internal_mirror potato main contrib non-free
deb ftp://internal_mirror dists/proposed-updates/
deb http://non-us.debian.org potato/non-US main contrib non-free
deb http://security.debian.org potato/updates main contrib non-free
deb ftp://ftp.twoguys.org/debian potato main contrib non-free
deb ftp://ftp.twoguys.org/debian dists/proposed-updates/

If something isn't on the internal mirror, it pulls it off of the
external mirror.  Add the mirror call into your crontab (mine updates
nightly at 3 am).

-- 
Matt Ray
[EMAIL PROTECTED]


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-10 Thread Rolf Kutz 

Duane Powers ([EMAIL PROTECTED]) wrote:

> I have a question - I have a dozen boxen that I am maintaining, all with 
> Debian ( almost all potato - one woody) I would like to save bandwidth 
> and centralize administration by utilizing one of the boxes as a apt-get 
> source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
> box, and save all the .deb's then use those .deb's for the other boxen 
> without actually mirroring the whole debian site.

Install a Proxy-Server (squid f.e.) and put 

Acquire::http::Proxy "http://your.proxy.server:port";

in your /etc/apt/apt.conf

Works fine with me.

cu, Rolf


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-10 Thread Duane Powers 

I have a question - I have a dozen boxen that I am maintaining, all with 
Debian ( almost all potato - one woody) I would like to save bandwidth 
and centralize administration by utilizing one of the boxes as a apt-get 
source. then I can apt-get update ; apt-get dist-upgrade ; done, on one 
box, and save all the .deb's then use those .deb's for the other boxen 
without actually mirroring the whole debian site.

I know it's configurable - I don't know how.
I read the man for sources.list, but I don't know how to set up the 
webserver to understand the following;

deb www.mybox.org debian/ Packages

thanks in advance for any help,

~duane


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sources.list

2001-02-08 Thread Matthew Sherborne 
I ran apt-setup and it automatically added my local mirrors. I'm not sure if
it wipes your previous sources.list though...

GBY

Re: sources.list

2001-02-08 Thread Matthew Sherborne 

I ran apt-setup and it automatically added my local mirrors. I'm not sure if
it wipes your previous sources.list though...

GBY



--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

sources.list

2001-02-08 Thread Gary Glueckert 
I have recently been to the www.debian.org looking for the latest sites to
add to my sources.list file. I could not find them even though I know that I
have seen them there before. Could anyone give me a hand and let me know
what entries to include there. I am currently using:

#STABLE
deb http://http.us.debian.org/debian potato main contrib non-free
deb http://non-us.debian.org/debian-non-US potato/non-US main contrib
non-free
deb http://security.debian.org/debian-security potato/updates main contrib
non-free

#STABLE SOURCE
# Uncomment if you want the apt-get source function to work
#deb-src http://http.us.debian.org/debian stable main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US stable non-US

#HELIX CODE
deb http://spidermonkey.helixcode.com/distributions/debian unstable main
#added in by me for alsa

# WOODY
#deb http://llug.sep.bnl.gov/debian woody main contrib non-free

Any suggestions to improving the above list would be appreciated.

Gary

*  Cisco Certified Academy Instructor  *
*  Empowering the Internet Generation  *
*Are you ready?*
*  mailto:[EMAIL PROTECTED]*
*   http://www.cisco.com/edu   *

sources.list

2001-02-08 Thread Gary Glueckert 

I have recently been to the www.debian.org looking for the latest sites to
add to my sources.list file. I could not find them even though I know that I
have seen them there before. Could anyone give me a hand and let me know
what entries to include there. I am currently using:

#STABLE
deb http://http.us.debian.org/debian potato main contrib non-free
deb http://non-us.debian.org/debian-non-US potato/non-US main contrib
non-free
deb http://security.debian.org/debian-security potato/updates main contrib
non-free

#STABLE SOURCE
# Uncomment if you want the apt-get source function to work
#deb-src http://http.us.debian.org/debian stable main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US stable non-US

#HELIX CODE
deb http://spidermonkey.helixcode.com/distributions/debian unstable main
#added in by me for alsa

# WOODY
#deb http://llug.sep.bnl.gov/debian woody main contrib non-free

Any suggestions to improving the above list would be appreciated.

Gary

*  Cisco Certified Academy Instructor  *
*  Empowering the Internet Generation  *
*Are you ready?*
*  mailto:[EMAIL PROTECTED]*
*   http://www.cisco.com/edu   *



--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]