Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Sat, 16 Apr 2022 at 17:14, Peter J. Holzer wrote: > > On 2022-04-16 16:49:17 +0200, Marco Sulla wrote: > > Furthermore, you didn't answer my simple question: why does the > > security update package contain metadata about Debian patches, if the > > Ubuntu security team did not benefit from Debian security patches but > > only from internal work? > > It DOES NOT contain metadata about Debian patches. You are > misinterpreting the name "debian". The directory has this name because > the tools (dpkg, quilt, etc.) were originally written by the Debian team > for the Debian distribution. Ubuntu uses the same tools. They didn't > bother to rename the directory (why should they?), so the directory is > still called "debian" on Ubuntu (and yes I know this because I've built > numerous .deb packages on Ubuntu systems). Ah ok, now I understand. Sorry for the confusion. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 2022-04-16 16:49:17 +0200, Marco Sulla wrote: > Furthermore, you didn't answer my simple question: why does the > security update package contain metadata about Debian patches, if the > Ubuntu security team did not benefit from Debian security patches but > only from internal work? It DOES NOT contain metadata about Debian patches. You are misinterpreting the name "debian". The directory has this name because the tools (dpkg, quilt, etc.) were originally written by the Debian team for the Debian distribution. Ubuntu uses the same tools. They didn't bother to rename the directory (why should they?), so the directory is still called "debian" on Ubuntu (and yes I know this because I've built numerous .deb packages on Ubuntu systems). For example, here is the patches directory of one of my own packages: % ls -l debian/patches total 24 -rw-r--r-- 1 hjp hjp 982 Sep 12 2017 makefile -rw-r--r-- 1 hjp hjp 966 Sep 12 2017 makefile-all -rw-r--r-- 1 hjp hjp 367 Jan 15 2021 makefile-checkmk.diff -rw-r--r-- 1 hjp hjp 849 Dec 14 2017 makefile-check_cronwrapper -rw-r--r-- 1 hjp hjp 1126 Sep 12 2017 makefile-mkdir -rw-r--r-- 1 hjp hjp 86 Jan 15 2021 series 5 patches in the subdirectory debian/patches (the file "series" just contains the list of patches in proper order). None of these patches was written by Debian. They were all written by me. Yet they are all in a subdirectory "debian/patches", because that's where they have to be for the tools to find them (yes, this is on Ubuntu). hp -- _ | Peter J. Holzer| Story must make more sense than reality. |_|_) || | | | h...@hjp.at |-- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!" signature.asc Description: PGP signature -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Sat, 16 Apr 2022 at 10:15, Peter J. Holzer wrote: > It doesn't (or at least you can't conclude that from the evidence you > posted). > > There is a subdirectory called "debian" in the build directory of every > .deb package. This is true on Debian, Ubuntu and every other > distribution which uses the .deb package format. This directory is > required by the build tools and it contains all the data (e.g. build > instructions, dependencies, patches, description, extra documentation) > which was added by the packager. The name of the directory does not > imply that any of the files there was created by Debian. I have built > quite a few packages myself and I'm not a member of the Debian team. Actually I don't care if the package was made by Debian. I'm sure that it does not, since the Ubuntu packages have other terminology in versions. For example, the git package is version 2.17.1-1ubuntu0.10 The important fact is that I suppose it's quite evident that the Ubuntu team uses Debian patches to release their security updates, since the release notes are public and worldwide, made by a professional company, they are not made by an amateur. Furthermore I checked all the security updates my system released when we started this discussion, and all of them have release notes that contain information about security patches made by Debian. Only the security updates have these infos. Is it an amazing coincidence? I suppose no. Furthermore, you didn't answer my simple question: why does the security update package contain metadata about Debian patches, if the Ubuntu security team did not benefit from Debian security patches but only from internal work? I suppose I have to answer myself: because the patch applied by Ubuntu _is_ actually a Debian patch. The more interesting fact is that I checked all the security updates and it seems they are only applications of Debian patches. So it seems that the work of the Ubuntu security team is only to apply Debian security patches. If so, probably Debian is really more secure than Ubuntu, since I don't know if all the security patches made by Debian are applied. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 2022-04-14 19:31:58 +0200, Marco Sulla wrote: > On Wed, 13 Apr 2022 at 20:05, Peter J. Holzer wrote: > > > > On 2022-04-12 21:03:00 +0200, Marco Sulla wrote: > > > On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer wrote: > > > > They are are about a year apart, so they will usually contain > > > > different versions of most packages right from the start. So the > > > > Ubuntu and Debian security teams probably can't benefit much > > > > from each other. > > > > > > Well, this is what my updater on Lubuntu says to me today: [...] > > > - debian/patches/CVE-2018-16301.patch: Add check of [...] > > > - debian/patches/CVE-2020-8037.patch: Add a limit to the [...] > > > I use an LTS version. So it seems that Ubuntu benefits from Debian > > > security patches. > > > > Why do you think so? Because the release notes mention > > debian/patches/*.patch? > > Of course. > > > This may be an artefact of the build process. The build tools for .deb > > packages expect all kinds of meta-data to live in a subdirectory called > > "debian", even on non-debian systems. This includes patches, at least if > > the maintainer is using quilt (which AFAIK is currently the recommended > > tool for that purpose). > > And why does the security update package contain metadata about Debian > patches, It doesn't (or at least you can't conclude that from the evidence you posted). There is a subdirectory called "debian" in the build directory of every .deb package. This is true on Debian, Ubuntu and every other distribution which uses the .deb package format. This directory is required by the build tools and it contains all the data (e.g. build instructions, dependencies, patches, description, extra documentation) which was added by the packager. The name of the directory does not imply that any of the files there was created by Debian. I have built quite a few packages myself and I'm not a member of the Debian team. hp -- _ | Peter J. Holzer| Story must make more sense than reality. |_|_) || | | | h...@hjp.at |-- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!" signature.asc Description: PGP signature -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Wed, 13 Apr 2022 at 20:05, Peter J. Holzer wrote: > > On 2022-04-12 21:03:00 +0200, Marco Sulla wrote: > > On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer wrote: > > > They are are about a year apart, so they will usually contain different > > > versions of most packages right from the start. So the Ubuntu and Debian > > > security teams probably can't benefit much from each other. > > > > Well, this is what my updater on Lubuntu says to me today: > > > > Changes for tcpdump versions: > > Installed version: 4.9.3-0ubuntu0.18.04.1 > > Available version: 4.9.3-0ubuntu0.18.04.2 > > > > Version 4.9.3-0ubuntu0.18.04.2: > > > > * SECURITY UPDATE: buffer overflow in read_infile > > - debian/patches/CVE-2018-16301.patch: Add check of > > file size before allocating and reading content in > > tcpdump.c and netdissect-stdinc.h. > > - CVE-2018-16301 > > * SECURITY UPDATE: resource exhaustion with big packets > > - debian/patches/CVE-2020-8037.patch: Add a limit to the > > amount of space that can be allocated when reading the > > packet. > > - CVE-2020-8037 > > > > I use an LTS version. So it seems that Ubuntu benefits from Debian > > security patches. > > Why do you think so? Because the release notes mention debian/patches/*.patch? Of course. > This may be an artefact of the build process. The build tools for .deb > packages expect all kinds of meta-data to live in a subdirectory called > "debian", even on non-debian systems. This includes patches, at least if > the maintainer is using quilt (which AFAIK is currently the recommended > tool for that purpose). And why does the security update package contain metadata about Debian patches, if the Ubuntu security team did not benefit from Debian security patches but only from internal work? > OTOH tcpdump would be one of the those packages where Ubuntu could use a > Debian patch directly [...] It doesn't seem so. This is a fresh new security update: Changes for git versions: Installed version: 1:2.17.1-1ubuntu0.9 Available version: 1:2.17.1-1ubuntu0.10 Version 1:2.17.1-1ubuntu0.10: * SECURITY UPDATE: Run commands in diff users - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add an owner check for the top-level-directory; add a function to determine whether a path is owned by the current user in patch.c, t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h, git-compat-util.hi, config.c, config.h. - CVE-2022-24765 I checked packages.debian.org and git 2.17 was never on Debian: Package git stretch (oldoldstable) (vcs): fast, scalable, distributed revision control system 1:2.11.0-3+deb9u7: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x stretch-backports (vcs): fast, scalable, distributed revision control system 1:2.20.1-1~bpo9+1: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x buster (oldstable) (vcs): fast, scalable, distributed revision control system 1:2.20.1-2+deb10u3: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x etc. https://packages.debian.org/search?keywords=git -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 2022-04-12 21:03:00 +0200, Marco Sulla wrote: > On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer wrote: > > They are are about a year apart, so they will usually contain different > > versions of most packages right from the start. So the Ubuntu and Debian > > security teams probably can't benefit much from each other. > > Well, this is what my updater on Lubuntu says to me today: > > Changes for tcpdump versions: > Installed version: 4.9.3-0ubuntu0.18.04.1 > Available version: 4.9.3-0ubuntu0.18.04.2 > > Version 4.9.3-0ubuntu0.18.04.2: > > * SECURITY UPDATE: buffer overflow in read_infile > - debian/patches/CVE-2018-16301.patch: Add check of > file size before allocating and reading content in > tcpdump.c and netdissect-stdinc.h. > - CVE-2018-16301 > * SECURITY UPDATE: resource exhaustion with big packets > - debian/patches/CVE-2020-8037.patch: Add a limit to the > amount of space that can be allocated when reading the > packet. > - CVE-2020-8037 > > I use an LTS version. So it seems that Ubuntu benefits from Debian > security patches. Why do you think so? Because the release notes mention debian/patches/*.patch? This may be an artefact of the build process. The build tools for .deb packages expect all kinds of meta-data to live in a subdirectory called "debian", even on non-debian systems. This includes patches, at least if the maintainer is using quilt (which AFAIK is currently the recommended tool for that purpose). OTOH tcpdump would be one of the those packages where Ubuntu could use a Debian patch directly: 4.9.3 has been the latest version for quite some time (I have it in Debian 9, Ubuntu 18, Debian 10 and Ubuntu 20, but not in Debian 11 (4.99.0)), so if any of those is patched, the others can (almost certainly) use the patch with little or no changes). I think this is rare, though: Packages with frequent security patches tend to have frequent feature updates, too. hp -- _ | Peter J. Holzer| Story must make more sense than reality. |_|_) || | | | h...@hjp.at |-- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!" signature.asc Description: PGP signature -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer wrote: > They are are about a year apart, so they will usually contain different > versions of most packages right from the start. So the Ubuntu and Debian > security teams probably can't benefit much from each other. Well, this is what my updater on Lubuntu says to me today: Changes for tcpdump versions: Installed version: 4.9.3-0ubuntu0.18.04.1 Available version: 4.9.3-0ubuntu0.18.04.2 Version 4.9.3-0ubuntu0.18.04.2: * SECURITY UPDATE: buffer overflow in read_infile - debian/patches/CVE-2018-16301.patch: Add check of file size before allocating and reading content in tcpdump.c and netdissect-stdinc.h. - CVE-2018-16301 * SECURITY UPDATE: resource exhaustion with big packets - debian/patches/CVE-2020-8037.patch: Add a limit to the amount of space that can be allocated when reading the packet. - CVE-2020-8037 I use an LTS version. So it seems that Ubuntu benefits from Debian security patches. Not sure about the contrary. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Thu, 31 Mar 2022 at 18:38, Cecil Westerhof via Python-list wrote: > Most people think that > Ubuntu is that also, because it is based on Debian. But Ubuntu wants > also provide the newest versions of software and this will affect the > stability and security negatively. I think you're referring to the fact that Ubuntu releases a new stable version every 6 months, while Debian every 2 years. This is true, but Ubuntu also releases a LTS every 2 years. You can install a LTS and change the options so you'll update the system only where a new LTS is coming out. Furthermore you're not forced to upgrade, you can do it when the LTS comes to the end. On the other hand, you can live on the edge with Debian too. You can install an unstable branch. Furthermore, there's the company factor. According to Google, Debian has about 1k devs, while Ubuntu only about 250. But these devs work full time on Ubuntu and they are paid for. Not sure this is not an important point. For what I know, historically the distros with the reputation to be more stable are distros maintained by companies, Red Hat and Gentoo for example. About stability and security, I can't disagree. But I suppose the people that use the unstable version of some Linux distro are useful for testing and reporting bugs, also security one. So they contribute to the stable versions, and I think we have to be grateful to these "pioneers". -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 2022-03-31 09:46:14 +0200, Cecil Westerhof via Python-list wrote: > "Peter J. Holzer" writes: > > Standard policy (there are exceptions) on most distros is to stay with > > the same version of any package for the entire lifetime. So for example, > > Ubuntu 20.04 was released with Apache 2.4.41 and Python 3.8.10 and > > Debian 11 was released with Apache 2.4.53 and Python 3.9.2 and they are > > still on these versions. Any security fixes and other critical bug fixes > > were back-ported to these versions. > > Are you sure? In the past this was not the case, but it is possible > that this has changed. (I do not really follow other distributions. I > am quite happy with Debian.) This has always been the case with Debian (they even created a special repo for packages where this wasn't feasible, like browsers (which typically update every few weeks and are too large for the security team to backport security fixes). In my experience it's also the case for Ubuntu (see the version numbers I posted). It also was the case for Redhat, but they seem to have switched to a rolling updates model some time ago. I'm not sure how they handle that now. hp -- _ | Peter J. Holzer| Story must make more sense than reality. |_|_) || | | | h...@hjp.at |-- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!" signature.asc Description: PGP signature -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
"Peter J. Holzer" writes: > On 2022-03-30 08:48:36 +0200, Marco Sulla wrote: >> On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer wrote: >> > They are are about a year apart, so they will usually contain different >> > versions of most packages right from the start. So the Ubuntu and Debian >> > security teams probably can't benefit much from each other. >> >> Are you sure? Since LTS of Debian and Ubuntu lasts 5 years, I suppose >> the versions of the packages should overlap at some point in the past. > > Standard policy (there are exceptions) on most distros is to stay with > the same version of any package for the entire lifetime. So for example, > Ubuntu 20.04 was released with Apache 2.4.41 and Python 3.8.10 and > Debian 11 was released with Apache 2.4.53 and Python 3.9.2 and they are > still on these versions. Any security fixes and other critical bug fixes > were back-ported to these versions. Are you sure? In the past this was not the case, but it is possible that this has changed. (I do not really follow other distributions. I am quite happy with Debian.) -- Cecil Westerhof Senior Software Engineer LinkedIn: http://www.linkedin.com/in/cecilwesterhof -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
"Peter J. Holzer" writes: > On 2022-03-28 15:35:07 +0200, Cecil Westerhof via Python-list wrote: >> "Loris Bennett" writes: >> > Ubuntu is presumably relying on the Debian security team as well as >> > other volunteers and at least one company, namely Canonical. >> >> Nope. One important reason that I really hate that people use Ubuntu >> for servers is that Ubuntu wants to be up to date. > > Not sure what you mean by that. > > There is an Ubuntu LTS release every 2 years. There is also a Debian > release roughly every 2 years (although not on quite as strict a > schedule). So that's very similar. > >> So Ubuntu starts very close to Debian security wise, but will shift >> rapidly. > > They are are about a year apart, so they will usually contain different > versions of most packages right from the start. So the Ubuntu and Debian > security teams probably can't benefit much from each other. That is is what I partly mean. Debian is very big on security and stability. Most people think that Ubuntu is that also, because it is based on Debian. But Ubuntu wants also provide the newest versions of software and this will affect the stability and security negatively. Even for a desktop I find stability and security more important as the newest versions. That is why I even for the desktop use Debian. Personally I find it strange that people choose newest versions over stability and security for a server. -- Cecil Westerhof Senior Software Engineer LinkedIn: http://www.linkedin.com/in/cecilwesterhof -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 2022-03-30 08:48:36 +0200, Marco Sulla wrote: > On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer wrote: > > They are are about a year apart, so they will usually contain different > > versions of most packages right from the start. So the Ubuntu and Debian > > security teams probably can't benefit much from each other. > > Are you sure? Since LTS of Debian and Ubuntu lasts 5 years, I suppose > the versions of the packages should overlap at some point in the past. Standard policy (there are exceptions) on most distros is to stay with the same version of any package for the entire lifetime. So for example, Ubuntu 20.04 was released with Apache 2.4.41 and Python 3.8.10 and Debian 11 was released with Apache 2.4.53 and Python 3.9.2 and they are still on these versions. Any security fixes and other critical bug fixes were back-ported to these versions. hp -- _ | Peter J. Holzer| Story must make more sense than reality. |_|_) || | | | h...@hjp.at |-- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!" signature.asc Description: PGP signature -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer wrote: > They are are about a year apart, so they will usually contain different > versions of most packages right from the start. So the Ubuntu and Debian > security teams probably can't benefit much from each other. Are you sure? Since LTS of Debian and Ubuntu lasts 5 years, I suppose the versions of the packages should overlap at some point in the past. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 2022-03-28 15:35:07 +0200, Cecil Westerhof via Python-list wrote: > "Loris Bennett" writes: > > Ubuntu is presumably relying on the Debian security team as well as > > other volunteers and at least one company, namely Canonical. > > Nope. One important reason that I really hate that people use Ubuntu > for servers is that Ubuntu wants to be up to date. Not sure what you mean by that. There is an Ubuntu LTS release every 2 years. There is also a Debian release roughly every 2 years (although not on quite as strict a schedule). So that's very similar. > So Ubuntu starts very close to Debian security wise, but will shift > rapidly. They are are about a year apart, so they will usually contain different versions of most packages right from the start. So the Ubuntu and Debian security teams probably can't benefit much from each other. hp -- _ | Peter J. Holzer| Story must make more sense than reality. |_|_) || | | | h...@hjp.at |-- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!" signature.asc Description: PGP signature -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
"Loris Bennett" writes: > Marco Sulla writes: > >> On Fri, 11 Mar 2022 at 19:10, Michael Torrie wrote: >>> Both Debian stable and Ubuntu LTS state they have a five year support >>> life cycle. >> >> Yes, but it seems that official security support in Debian ends after >> three years: >> >> "Debian LTS is not handled by the Debian security team, but by a >> separate group of volunteers and companies interested in making it a >> success" >> https://wiki.debian.org/LTS >> >> This is the only problem for me. > > I am not sure how different the two situations are. Ubuntu is > presumably relying on the Debian security team as well as other > volunteers and at least one company, namely Canonical. Nope. One important reason that I really hate that people use Ubuntu for servers is that Ubuntu wants to be up to date. So Ubuntu starts very close to Debian security wise, but will shift rapidly. -- Cecil Westerhof Senior Software Engineer LinkedIn: http://www.linkedin.com/in/cecilwesterhof -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
Dear Loris, "Loris Bennett" writes: > (...thanks...) > The sysadmins I know who are interested in long-term stability and > avoiding unnecessary OS updates use Debian rather than Ubuntu, +1; Reasonable! Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _地平天成_ 감사합니다_^))// -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Mon, 14 Mar 2022 at 18:33, Loris Bennett wrote: > I am not sure how different the two situations are. Ubuntu is > presumably relying on the Debian security team as well as other > volunteers and at least one company, namely Canonical. So do you think that Canonical contributes to the LTS security team of Debian? It could be. In this perspective, there should be little difference between Debian and Ubuntu. Debian 11 with XFCE is really tempting... -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
Marco Sulla writes: > On Fri, 11 Mar 2022 at 19:10, Michael Torrie wrote: >> Both Debian stable and Ubuntu LTS state they have a five year support >> life cycle. > > Yes, but it seems that official security support in Debian ends after > three years: > > "Debian LTS is not handled by the Debian security team, but by a > separate group of volunteers and companies interested in making it a > success" > https://wiki.debian.org/LTS > > This is the only problem for me. I am not sure how different the two situations are. Ubuntu is presumably relying on the Debian security team as well as other volunteers and at least one company, namely Canonical. The sysadmins I know who are interested in long-term stability and avoiding unnecessary OS updates use Debian rather than Ubuntu, but that's maybe just my bubble. Cheers, Loris -- This signature is currently under construction. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
Cousin Stanley wrote: >> apt-cache search lxqt | grep ^lxqt Chris Angelico wrote: > Much faster: > > apt-cache pkgnames lxqt > > apt-cache search will look for "lxqt" in descriptions too, > hence the need to filter those out > > apt-cache pkgnames is used by tab completion) > Thanks I didn't know about using pkgnames with apt-cache. -- Stanley C. Kitching Human Being Phoenix, Arizona -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Fri, 11 Mar 2022 at 19:10, Michael Torrie wrote: > Both Debian stable and Ubuntu LTS state they have a five year support > life cycle. Yes, but it seems that official security support in Debian ends after three years: "Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success" https://wiki.debian.org/LTS This is the only problem for me. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 3/11/22 11:03, Marco Sulla wrote: > Anyway I think I'll not install Debian, because it's LTS releases are > not long enough for me. I don't know if there's a distro based on > Debian that has a long LTS support, Ubuntu apart. Both Debian stable and Ubuntu LTS state they have a five year support life cycle. Ubuntu will support longer if you pay for it. Do you require more than five years? Anyway, use whatever works for you. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Fri, 11 Mar 2022 at 06:38, Dan Stromberg wrote: > That's an attribute of your desktop environment, not the Linux distribution. > > EG: I'm using Debian with Cinnamon, which does support ctrl-alt-t. Never used Cinnamon. It comes from Mint, right? > Some folks say the desktop environment matters more than the distribution, > when choosing what OS to install. Yes, it's important. I switched from Ubuntu to Xubuntu (then Lubuntu) when Ubuntu started using Unity. I liked GNOME 2 and KDE prior to Plasma. They were simple, lightweight and effective. I found these qualities in XFCE and LXDE. Anyway I think I'll not install Debian, because it's LTS releases are not long enough for me. I don't know if there's a distro based on Debian that has a long LTS support, Ubuntu apart. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Fri, 11 Mar 2022 at 19:57, Roel Schroeven wrote: > > Op 11/03/2022 om 3:50 schreef Chris Angelico: > > On Fri, 11 Mar 2022 at 09:51, Cousin Stanley > > wrote: > > > The following will display a list of lxqt packages > > > that are in the repository and available to install > > > > > > apt-cache search lxqt | grep ^lxqt > > > > > Much faster: > > > > apt-cache pkgnames lxqt > > > > (apt-cache search will look for "lxqt" in descriptions too, hence the > > need to filter those out - apt-cache pkgnames is used by tab > > completion) > > > Cousing Stanley's suggestion has the advantage that it also prints the > short descriptions instead of just the package names. The packages names > are often a bit too cryptic, I think. > > To search only in package names but still show the short description you > could also --names-only instead of grep: > > apt-cache search --names-only lxqt > > or > > apt-cache search --names-only ^lxqt > > Chris, when you say "Much faster", do you mean faster to type or faster > to execute? Your suggestion is certainly faster and easier to type. But > as for execution speed: on my systems apt-cache search is fast enough > that I don't really care about its execution time. When listing packages > that is; tab completion is a different matter, where every delay can be > quite annoying. Notably faster to execute on my system. Maybe the difference is insignificant on yours, but it's highly unlikely to be *slower*. The speed difference probably depends on how many package repositories you have, whether you have source packages, etc, etc, etc. (And of course, whether it's on a hard drive or SSD.) And what I would *actually* type is "apt i lxqt", so it's quite a lot faster. (I actually had to look up the precise command.) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
Op 11/03/2022 om 3:50 schreef Chris Angelico: On Fri, 11 Mar 2022 at 09:51, Cousin Stanley wrote: > The following will display a list of lxqt packages > that are in the repository and available to install > > apt-cache search lxqt | grep ^lxqt > Much faster: apt-cache pkgnames lxqt (apt-cache search will look for "lxqt" in descriptions too, hence the need to filter those out - apt-cache pkgnames is used by tab completion) Cousing Stanley's suggestion has the advantage that it also prints the short descriptions instead of just the package names. The packages names are often a bit too cryptic, I think. To search only in package names but still show the short description you could also --names-only instead of grep: apt-cache search --names-only lxqt or apt-cache search --names-only ^lxqt Chris, when you say "Much faster", do you mean faster to type or faster to execute? Your suggestion is certainly faster and easier to type. But as for execution speed: on my systems apt-cache search is fast enough that I don't really care about its execution time. When listing packages that is; tab completion is a different matter, where every delay can be quite annoying. -- "Don't Panic." -- Douglas Adams, The Hitchhiker's Guide to the Galaxy -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Fri, 11 Mar 2022 at 16:39, Dan Stromberg wrote: > Some folks say the desktop environment matters more than the distribution, > when choosing what OS to install. Matters more to the choice? Impossible to say. Matters more to the UI? Without a doubt. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Thu, Mar 10, 2022 at 5:04 AM Marco Sulla wrote: > On Thu, 10 Mar 2022 at 04:50, Michael Torrie wrote: > > > > On 3/9/22 13:05, Marco Sulla wrote: > > > So my laziness pays. I use only LTS distros, and I update only when > > > there are security updates. > > > PS: any suggestions for a new LTS distro? My Lubuntu is reaching its > > > end-of-life. I prefer lightweight debian-like distros. > > > > Maybe Debian itself? > > I tried Debian on a VM, but I found it too much basical. A little > example: it does not have the shortcut ctrl+alt+t to open a terminal > that Ubuntu has. I'm quite sure it's simple to add, but I'm starting > to be old and lazy... > That's an attribute of your desktop environment, not the Linux distribution. EG: I'm using Debian with Cinnamon, which does support ctrl-alt-t. Some folks say the desktop environment matters more than the distribution, when choosing what OS to install. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Fri, 11 Mar 2022 at 09:51, Cousin Stanley wrote: > > Marco Sulla wrote: > > >> > >> Maybe Debian itself? > > > > I tried Debian on a VM, but I found it too much basical. A little > > example: it does not have the shortcut ctrl+alt+t to open a terminal > > that Ubuntu has. I'm quite sure it's simple to add, but I'm starting > > to be old and lazy... > > > > I use the current stable release of Debian 11.2 Bullseye > with the lxqt desktop environment > > [Ctrl]-[Alt]-[T] will open a new qterminal window. > > > The following will display a list of lxqt packages > that are in the repository and available to install > > apt-cache search lxqt | grep ^lxqt > Much faster: apt-cache pkgnames lxqt (apt-cache search will look for "lxqt" in descriptions too, hence the need to filter those out - apt-cache pkgnames is used by tab completion) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
Marco Sulla wrote: >> >> Maybe Debian itself? > > I tried Debian on a VM, but I found it too much basical. A little > example: it does not have the shortcut ctrl+alt+t to open a terminal > that Ubuntu has. I'm quite sure it's simple to add, but I'm starting > to be old and lazy... > I use the current stable release of Debian 11.2 Bullseye with the lxqt desktop environment [Ctrl]-[Alt]-[T] will open a new qterminal window. The following will display a list of lxqt packages that are in the repository and available to install apt-cache search lxqt | grep ^lxqt -- Stanley C. Kitching Human Being Phoenix, Arizona -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 3/10/22 12:42, Marco Sulla wrote: > PS: Is it just my impression or is there a plebiscite for Debian? A vote? No I don't think so. Not sure what you mean. The reason we're all suggesting Debian is because you specifically said you want a LTS Debian-like distro. Can't get any more Debian-like than Debian! Debian with XFCE should give you the same experience as Xubuntu, and is always supported for a very long time. Personally I run Fedora with Mate or KDE and I upgrade the OS every 12-18 months, usually skipping a version or two. I did consider Centos 8 stream, but I needed something a little newer for various reasons. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Thu, 10 Mar 2022 at 14:13, Jack Dangler wrote: > or why not get a cloud desktop running whatever distro you want and you > don't have to do anything Three reasons: privacy, speed, price. Not in this order. On Thu, 10 Mar 2022 at 15:20, Chris Angelico wrote: > Very easy. I use Debian with Xfce, and it's an easy thing to add > shortcuts - even dynamically I used Xubuntu for a long time. I like Xfce. On Thu, 10 Mar 2022 at 16:35, Loris Bennett wrote: > The shortcuts are properties of the desktop environment. You could just > install LXDE/LXQt on Debian if that's what you're used to from Lubuntu. I tried LXQt on my desktop. Very disappointed. The OS Update interface is just an "alert". LXDE unluckily is no longer developed. > Of course, if you're too old and lazy to set up a shortcut, you might > also be too old and lazy to install a different desktop environment ;-) Okay, I'm lazy for boring things :D PS: Is it just my impression or is there a plebiscite for Debian? -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 3/10/22 06:03, Marco Sulla wrote: > I tried Debian on a VM, but I found it too much basical. A little > example: it does not have the shortcut ctrl+alt+t to open a terminal > that Ubuntu has. I'm quite sure it's simple to add, but I'm starting > to be old and lazy... Debian has the same desktop environments available for install as the rest of the distros. Gnome 3, Mate, LXDE, XFCE, KDE, etc. Whatever works for you on Ubuntu should work on Debian. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
Marco Sulla writes: > On Thu, 10 Mar 2022 at 04:50, Michael Torrie wrote: >> >> On 3/9/22 13:05, Marco Sulla wrote: >> > So my laziness pays. I use only LTS distros, and I update only when >> > there are security updates. >> > PS: any suggestions for a new LTS distro? My Lubuntu is reaching its >> > end-of-life. I prefer lightweight debian-like distros. >> >> Maybe Debian itself? > > I tried Debian on a VM, but I found it too much basical. A little > example: it does not have the shortcut ctrl+alt+t to open a terminal > that Ubuntu has. I'm quite sure it's simple to add, but I'm starting > to be old and lazy... The shortcuts are properties of the desktop environment. You could just install LXDE/LXQt on Debian if that's what you're used to from Lubuntu. Of course, if you're too old and lazy to set up a shortcut, you might also be too old and lazy to install a different desktop environment ;-) Cheers, Loris -- This signature is currently under construction. -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Fri, 11 Mar 2022 at 00:05, Marco Sulla wrote: > > On Thu, 10 Mar 2022 at 04:50, Michael Torrie wrote: > > > > On 3/9/22 13:05, Marco Sulla wrote: > > > So my laziness pays. I use only LTS distros, and I update only when > > > there are security updates. > > > PS: any suggestions for a new LTS distro? My Lubuntu is reaching its > > > end-of-life. I prefer lightweight debian-like distros. > > > > Maybe Debian itself? > > I tried Debian on a VM, but I found it too much basical. A little > example: it does not have the shortcut ctrl+alt+t to open a terminal > that Ubuntu has. I'm quite sure it's simple to add, but I'm starting > to be old and lazy... Very easy. I use Debian with Xfce, and it's an easy thing to add shortcuts - even dynamically (I have Alt+D to dictate notes, but only while I'm playing Counter-Strike competitively). Debian + Xfce is a combo that's served me very well for years now. I didn't much like the latest Adwaita colour scheme, but a small tweak later, it's fine again. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Suggestion for Linux Distro (from PSA: Linux vulnerability)
On 3/10/22 08:03, Marco Sulla wrote: On Thu, 10 Mar 2022 at 04:50, Michael Torrie wrote: On 3/9/22 13:05, Marco Sulla wrote: So my laziness pays. I use only LTS distros, and I update only when there are security updates. PS: any suggestions for a new LTS distro? My Lubuntu is reaching its end-of-life. I prefer lightweight debian-like distros. Maybe Debian itself? I tried Debian on a VM, but I found it too much basical. A little example: it does not have the shortcut ctrl+alt+t to open a terminal that Ubuntu has. I'm quite sure it's simple to add, but I'm starting to be old and lazy... or why not get a cloud desktop running whatever distro you want and you don't have to do anything -- https://mail.python.org/mailman/listinfo/python-list
Suggestion for Linux Distro (from PSA: Linux vulnerability)
On Thu, 10 Mar 2022 at 04:50, Michael Torrie wrote: > > On 3/9/22 13:05, Marco Sulla wrote: > > So my laziness pays. I use only LTS distros, and I update only when > > there are security updates. > > PS: any suggestions for a new LTS distro? My Lubuntu is reaching its > > end-of-life. I prefer lightweight debian-like distros. > > Maybe Debian itself? I tried Debian on a VM, but I found it too much basical. A little example: it does not have the shortcut ctrl+alt+t to open a terminal that Ubuntu has. I'm quite sure it's simple to add, but I'm starting to be old and lazy... -- https://mail.python.org/mailman/listinfo/python-list