Re: Updating Debian in a very secure way
Colin Watson [EMAIL PROTECTED] writes: On Tue, Feb 24, 2004 at 02:20:23PM -0800, Vineet Kumar wrote: * Moritz Beller ([EMAIL PROTECTED]) [040224 14:12]: Yes, but not only! In the former case (upgrading debian distribution) I only want to use secure updates (that means updates which are believed to work very stable and fully tested or at least something like this). I prefer not getting the very latest version instead of a buggy test one. You describe: # Security updates for stable deb http://security.debian.org stable/updates main contrib non-free deb http://security.debian.org testing/updates main contrib non-free Drop the second of those. (It has more or less no effect at the moment; it probably will as we run up to releasing sarge, and perhaps in the future it may have useful contents more regularly.) After doing so apt-get just wants to install one new package and update 3 packages whereas the calling of apt-get dist-upgrade before these changes resulted in getting an enormous list of updates to be done. I guess this sources.list won't update my debian. What's wrong with it? Moritz -- please send mail to momo.beller(AT)t-online(DOT)de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Updating Debian in a very secure way
On Wed, 25 Feb 2004 13:50:37 +0100 Moritz Beller [EMAIL PROTECTED] wrote: Colin Watson [EMAIL PROTECTED] writes: On Tue, Feb 24, 2004 at 02:20:23PM -0800, Vineet Kumar wrote: * Moritz Beller ([EMAIL PROTECTED]) [040224 14:12]: Yes, but not only! In the former case (upgrading debian distribution) I only want to use secure updates (that means updates which are believed to work very stable and fully tested or at least something like this). I prefer not getting the very latest version instead of a buggy test one. You describe: # Security updates for stable deb http://security.debian.org stable/updates main contrib non-free deb http://security.debian.org testing/updates main contrib non-free Drop the second of those. (It has more or less no effect at the moment; it probably will as we run up to releasing sarge, and perhaps in the future it may have useful contents more regularly.) After doing so apt-get just wants to install one new package and update 3 packages whereas the calling of apt-get dist-upgrade before these changes resulted in getting an enormous list of updates to be done. I guess this sources.list won't update my debian. What's wrong with it? Nothing's wrong with it: it's what you asked for. You started out with a sources.list that drew from stable, testing, and unstable, as well as unofficial repositories, but *didn't* draw from the security updates. You said you wanted to only get secure packages, and then later clarified that to say y that you wanted updates which are believed to work very stable and fully tested or at least something like this. So you were given a sources.list which drew updates from the stable distribution, and from the security updates (which are updates to stable). The sources.list you were provided didn't include testing or unstable, because you explicitly said you didn't want those. That's where the enormous list of updates was coming from: those two distributions. The stable distribution doesn't get many updates. It sounds to me like you haven't read the documentation about this stuff, and don't really know what's going on -- what the differences are between stable, testing and unstable; what packages/distributions get security updates, new version updates, etc. I recommend reading the Debian FAQ, esp. sections 5-8; and the Debian Reference, esp. sections 2 and parts of 5-6. Others here may have other recommendations. -c P.S. CC'ing to you because you asked in your sig. -- Chris Metzler [EMAIL PROTECTED] (remove snip-me. to email) As a child I understood how to give; I have forgotten this grace since I have become civilized. - Chief Luther Standing Bear pgp0.pgp Description: PGP signature
Re: Updating Debian in a very secure way
Chris Metzler [EMAIL PROTECTED] writes: What's wrong with it? Nothing's wrong with it: it's what you asked for. You started out with a sources.list that drew from stable, testing, and unstable, as well as unofficial repositories, but *didn't* draw from the security updates. You said you wanted to only get secure packages, and then later clarified that to say y that you wanted updates which are believed to work very stable and fully tested or at least something like this. So you were given a sources.list which drew updates from the stable distribution, and from the security updates (which are updates to stable). The sources.list you were provided didn't include testing or unstable, because you explicitly said you didn't want those. That's where the enormous list of updates was coming from: those two distributions. The stable distribution doesn't get many updates. Alright. So, I guess even now there are not all packages at my system stable or secure. It sounds to me like you haven't read the documentation about this stuff, and don't really know what's going on -- what the differences are between stable, testing and unstable; That's right. I can promise that I'll do this in just a moment. what packages/distributions get security updates, new version updates, etc. I recommend reading the Debian FAQ, esp. sections 5-8; and the Debian Reference, esp. sections 2 and parts of 5-6. Others here may have other recommendations. But I agree with nearly all things you've mentioned in your posting. Thanks a lot. Moritz -- please send mail to momo.beller(AT)t-online(DOT)de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Updating Debian in a very secure way
I'm not sure I understand the question. Is it that you want only security updates? That is, do you wnat ot skip those upgrades that have no impact on security? Art Edwards On Tue, Feb 24, 2004 at 07:25:32PM +0100, Moritz Beller wrote: Hello! As already discribed in a prior posting I want to update my system via apt-get dist-upgrade. In order to only get secure packages, which lines should be deleted from my sources.list (some commented out lines have already been deleted)? # Security updates for stable deb http://security.debian.org stable/updates main contrib non-free deb http://security.debian.org testing/updates main contrib non-free # Stable deb http://ftp2.de.debian.org/pub/debian stable main contrib non-free deb http://ftp2.de.debian.org/pub/debian-non-US stable/non-US main contrib non-free # Sources deb-src http://ftp2.de.debian.org/pub/debian stable main contrib non-free deb-src http://ftp2.de.debian.org/pub/debian-non-US stable/non-US main contrib non-free # Testing deb http://ftp2.de.debian.org/pub/debian testing main contrib non-free deb http://ftp2.de.debian.org/pub/debian-non-US testing/non-US main contrib non-free # Sources deb-src http://ftp2.de.debian.org/pub/debian testing main contrib non-free deb-src http://ftp2.de.debian.org/pub/debian-non-US testing/non-US main contrib non-free # Unstable deb http://ftp2.de.debian.org/debian unstable main contrib non-free deb http://ftp2.de.debian.org/debian-non-US unstable/non-US main contrib non-free # Sources deb-src http://ftp2.de.debian.org/debian unstable main contrib non-free deb-src http://ftp2.de.debian.org/debian-non-US unstable/non-US main contrib non-free # Mozilla deb http://non-us.debian.org/~kitame/mozilla ./ deb-src http://non-us.debian.org/~kitame/mozilla ./ # XFree 4.2/4.3 deb http://people.debian.org/~branden/packages sid/i386/ deb-src http://people.debian.org/~branden/packages sid/source/ deb http://www.penguinppc.org/~daniels/sid/i386 ./ deb-src http://www.penguinppc.org/~daniels/sid/source ./ # Java deb ftp://ftp.gwdg.de/pub/languages/java/linux/debian woody main non-free deb-src ftp://ftp.gwdg.de/pub/languages/java/linux/debian woody main non-free deb ftp://ftp.gwdg.de/pub/languages/java/linux/debian unstable main non-free deb-src ftp://ftp.gwdg.de/pub/languages/java/linux/debian unstable main non-free # Blades Repository (pppoeconf co) deb http://people.debian.org/~blade/testing ./ deb-src http://people.debian.org/~blade/testing ./ I also heard of putting these neat three lines into sources.list to recieve security updates automatically: deb ftp://security.debian.org/debian-security stable updates deb ftp://security.debian.org/debian-non-US stable non-US deb ftp://ftp1.us.debian.org/debian stable main contrib non-free Can you recommend that? By what action will these been proofed (via dist-upgrade)? Thanks in advance Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Updating Debian in a very secure way
user list [EMAIL PROTECTED] writes: I'm not sure I understand the question. Is it that you want only security updates? That is, do you wnat ot skip those upgrades that have no impact on security? Yes, but not only! In the former case (upgrading debian distribution) I only want to use secure updates (that means updates which are believed to work very stable and fully tested or at least something like this). I prefer not getting the very latest version instead of a buggy test one. In the latter case (auto update) I think about what you've already said: (I don't want to offend the developers) A bit like the update service of a famous proprietary software company located in Redmond. (And no, I don't think of Nintendo). Moritz -- please sendmail to momo.beller(AT)t-online(DOT)de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Updating Debian in a very secure way
* Moritz Beller ([EMAIL PROTECTED]) [040224 14:12]: user list [EMAIL PROTECTED] writes: I'm not sure I understand the question. Is it that you want only security updates? That is, do you wnat ot skip those upgrades that have no impact on security? Yes, but not only! In the former case (upgrading debian distribution) I only want to use secure updates (that means updates which are believed to work very stable and fully tested or at least something like this). I prefer not getting the very latest version instead of a buggy test one. You describe: # Security updates for stable deb http://security.debian.org stable/updates main contrib non-free deb http://security.debian.org testing/updates main contrib non-free # Stable deb http://ftp2.de.debian.org/pub/debian stable main contrib non-free deb http://ftp2.de.debian.org/pub/debian-non-US stable/non-US main contrib non-free # EOF good times, Vineet -- http://www.doorstop.net/ -- If Haydn had patented a symphony, characterised by that sound is produced [ in extended sonata form ], Mozart would have been in trouble. http://swpat.ffii.org signature.asc Description: Digital signature
Re: Updating Debian in a very secure way
On Tue, Feb 24, 2004 at 02:20:23PM -0800, Vineet Kumar wrote: * Moritz Beller ([EMAIL PROTECTED]) [040224 14:12]: Yes, but not only! In the former case (upgrading debian distribution) I only want to use secure updates (that means updates which are believed to work very stable and fully tested or at least something like this). I prefer not getting the very latest version instead of a buggy test one. You describe: # Security updates for stable deb http://security.debian.org stable/updates main contrib non-free deb http://security.debian.org testing/updates main contrib non-free Drop the second of those. (It has more or less no effect at the moment; it probably will as we run up to releasing sarge, and perhaps in the future it may have useful contents more regularly.) Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Updating Debian in a very secure way
* Colin Watson ([EMAIL PROTECTED]) [040224 15:06]: On Tue, Feb 24, 2004 at 02:20:23PM -0800, Vineet Kumar wrote: * Moritz Beller ([EMAIL PROTECTED]) [040224 14:12]: Yes, but not only! In the former case (upgrading debian distribution) I only want to use secure updates (that means updates which are believed to work very stable and fully tested or at least something like this). I prefer not getting the very latest version instead of a buggy test one. You describe: # Security updates for stable deb http://security.debian.org stable/updates main contrib non-free deb http://security.debian.org testing/updates main contrib non-free Drop the second of those. (It has more or less no effect at the moment; it probably will as we run up to releasing sarge, and perhaps in the future it may have useful contents more regularly.) Ah, yes, of course. I should have paid more attention to what I was pasting. My point was to inform the OP that for the requirements he describes, a typical stable + security system is the best bet. good times, Vineet -- http://www.doorstop.net/ -- http://www.eff.org/ Defending freedom in the digital world signature.asc Description: Digital signature