Michael Gilbert wrote:
> On Tue, Dec 21, 2010 at 12:34 PM, Moritz Muehlenhoff wrote:
> > Upgrade instructions
> > -
> >
> > If you are using the apt-get package manager, use the line for
> > sources.list as given below:
>
> For future advisories, I wonder if this might be better said as "Make
> sure that a 'deb http://security.debian.org/ stable/updates main' line
> is included in your /etc/apt/sources.list and then run the following
> commands to perform the update'
>
> > apt-get update
> > will update the internal database
> > apt-get upgrade
> > will install corrected packages
> >
> > You may use an automated update by adding the resources from the
> > footer to the proper configuration.
>
> Isn't this a repeat of the first sentence in the upgrade instructions?
>
> > -
> > -
> > For apt-get: deb http://security.debian.org/ stable/updates main
>
> I think this would be better stated in plain English as suggested above.
>
> > For dpkg-ftp: ftp://security.debian.org/debian-security
> > dists/stable/updates/main
>
> Since dpkg-ftp is removed from sid/squeeze (and I don't know if it
> checks signatures), I think this line should be removed.
>
> > Mailing list: debian-security-annou...@lists.debian.org
>
> Is this statement useful? The user can look at the mail header to see
> where it came from.
>
> > Package info: `apt-cache show ' and http://packages.debian.org/
>
> This may be better to state in plain English. For example, "For more
> info on this package, type 'apt-cache show' or visit
> http://packages.debian.org/. For information on the changes
> involved type 'cat /usr/share/doc//changelog.Debian.gz' or
> install the apt-listchanges package."
>
> I wonder if there should be a warning somewhere in this footer about
> using tools (such as dpkg) that don't check signatures? Or maybe
> explicitly state that apt, aptitude, synaptic, software center, update
> manager, etc are the only recommended tools.
>
> Anyway, just some thoughts on new changes.
Thanks for the feedback. We've ended up with a much simplified version.
BTW, the line Mailing list: debian-security-annou...@lists.debian.org
is currently mandated by the mailing list script.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110101235724.gf2...@galadriel.inutil.org