How to keep debian current?? [Debian]

Prev: Updraiding or reinstalling?
Next: More important question... (was Re: How to keep debian current??)

From: Mark Allums on 17 May 2010 12:10

On 5/17/2010 10:43 AM, Andrei Popescu wrote:
> On Mon,17.May.10, 10:29:57, Mark Allums wrote:
>
>> Backwards. Sid gets no security, AT ALL. Testing get some.
>
> If some issue is fixed for stable the fix is also applied for unstable,
> unless the maintainer is unresponsive or so. In practice this means that
> unstable can be in better shape then testing at times.
>
> Regards,
> Andrei

Thank you. This is contrary to what the main Debian site says in
multiple places, but it is plausible. Good to know.

MAA

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4BF169AE.3000902(a)allums.com

From: Osamu Aoki on 18 May 2010 12:00

On Mon, May 17, 2010 at 11:07:10AM -0500, Mark Allums wrote:
> On 5/17/2010 10:43 AM, Andrei Popescu wrote:
> >On Mon,17.May.10, 10:29:57, Mark Allums wrote:
> >
> >>Backwards. Sid gets no security, AT ALL. Testing get some.
> >
> >If some issue is fixed for stable the fix is also applied for unstable,
> >unless the maintainer is unresponsive or so. In practice this means that
> >unstable can be in better shape then testing at times.
> >
> >Regards,
> >Andrei
>
> Thank you. This is contrary to what the main Debian site says in
> multiple places, but it is plausible. Good to know.

Could you be more specific where you saw them or where you got this
impression? So we can make corrective action to reduce confusion.

(Sid gets no corresponding "security" repository like
stable/updates nor testing/updates because we can upload directly to it
any time.)

I am thinking to add text to Debian reference to reduce such confusion.

Now:
If "sid" is used in the above example instead of "lenny", the "deb:
http://security.debian.org/ $B!D(B" line for security updates in the
"/etc/apt/sources.list" is not required. Security updates are only
available for stable and testing (i.e., lenny and squeeze).

(I should have explained better.)

New:
If "sid" is used in the above example instead of "lenny", the "deb:
http://security.debian.org/ $B!D(B" line for security updates in the
"/etc/apt/sources.list" is not required. This is because "sid"
(unstable) is always updated whenever security issues are fixed. There
is no need to have a separate security update archive for "sid".

Osamu

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/20100518153402.GB31197(a)osamu.debian.net

From: John A. Sullivan III on 18 May 2010 12:20

On Wed, 2010-05-19 at 00:34 +0900, Osamu Aoki wrote:
> On Mon, May 17, 2010 at 11:07:10AM -0500, Mark Allums wrote:
> > On 5/17/2010 10:43 AM, Andrei Popescu wrote:
> > >On Mon,17.May.10, 10:29:57, Mark Allums wrote:
> > >
> > >>Backwards. Sid gets no security, AT ALL. Testing get some.
> > >
> > >If some issue is fixed for stable the fix is also applied for unstable,
> > >unless the maintainer is unresponsive or so. In practice this means that
> > >unstable can be in better shape then testing at times.
> > >
> > >Regards,
> > >Andrei
> >
> > Thank you. This is contrary to what the main Debian site says in
> > multiple places, but it is plausible. Good to know.
>
> Could you be more specific where you saw them or where you got this
> impression? So we can make corrective action to reduce confusion.
>
> (Sid gets no corresponding "security" repository like
> stable/updates nor testing/updates because we can upload directly to it
> any time.)
>
> I am thinking to add text to Debian reference to reduce such confusion.
>
> Now:
> If "sid" is used in the above example instead of "lenny", the "deb:
> http://security.debian.org/ â¦" line for security updates in the
> "/etc/apt/sources.list" is not required. Security updates are only
> available for stable and testing (i.e., lenny and squeeze).
>
> (I should have explained better.)
>
> New:
> If "sid" is used in the above example instead of "lenny", the "deb:
> http://security.debian.org/ â¦" line for security updates in the
> "/etc/apt/sources.list" is not required. This is because "sid"
> (unstable) is always updated whenever security issues are fixed. There
> is no need to have a separate security update archive for "sid".
<snip>
Hmm . . . to someone not more familiar with Debian practices, the new
version seems more confusing. I would read that and think that Sid is
very secure because it always has the latest security fixes. If that's
not what we mean, then perhaps the current version needs only slight
revision for clarity, e.g.,

Now:
If "sid" is used in the above example instead of "lenny", the "deb:
http://security.debian.org/ â¦" line for security updates in the
"/etc/apt/sources.list" is not required because Sid does not receive
security updates. Security updates are only
available for stable and testing (i.e., lenny and squeeze).

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/1274199080.20211.6.camel(a)Family.pacifera.com

From: John Hasler on 18 May 2010 13:10

John A. Sullivan III writes:
> Hmm . . . to someone not more familiar with Debian practices, the new
> version seems more confusing. I would read that and think that Sid is
> very secure because it always has the latest security fixes. If
> that's not what we mean, then perhaps the current version needs only
> slight revision for clarity, e.g.,

Packages in Sid do not receive security updates from the security team.
They do receive security updates from the maintainer of the package but
the security team does not monitor Sid. The maintainer will often
address a security problem by packaging the next upstream version rather
than backporting the fix as the security team does.
--
John Hasler

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/87hbm56tks.fsf(a)thumper.dhh.gt.org

From: Tom H on 18 May 2010 13:20

2010/5/18 Osamu Aoki <osamu(a)debian.org>:
> On Mon, May 17, 2010 at 11:07:10AM -0500, Mark Allums wrote:
>> On 5/17/2010 10:43 AM, Andrei Popescu wrote:
>> >On Mon,17.May.10, 10:29:57, Mark Allums wrote:
>> >
>> >>Backwards. Sid gets no security, AT ALL. Testing get some.
>> >
>> >If some issue is fixed for stable the fix is also applied for unstable,
>> >unless the maintainer is unresponsive or so. In practice this means that
>> >unstable can be in better shape then testing at times.
>> >
>> >Regards,
>> >Andrei
>>
>> Thank you. This is contrary to what the main Debian site says in
>> multiple places, but it is plausible. Good to know.
>
> Could you be more specific where you saw them or where you got this
> impression? So we can make corrective action to reduce confusion.
>
> (Sid gets no corresponding "security" repository like
> stable/updates nor testing/updates because we can upload directly to it
> any time.)
>
> I am thinking to add text to Debian reference to reduce such confusion.
>
> Now:
> If "sid" is used in the above example instead of "lenny", the "deb:
> http://security.debian.org/ " line for security updates in the
> "/etc/apt/sources.list" is not required. Security updates are only
> available for stable and testing (i.e., lenny and squeeze).
>
> (I should have explained better.)
>
> New:
> If "sid" is used in the above example instead of "lenny", the "deb:
> http://security.debian.org/ " line for security updates in the
> "/etc/apt/sources.list" is not required. This is because "sid"
> (unstable) is always updated whenever security issues are fixed. There
> is no need to have a separate security update archive for "sid".

Perhaps you should add to this "This is because "sid" (unstable) is
always updated whenever security issues are fixed." that, in the case
of sid, security updates are downloaded by apt from "deb ... main" (or
uploaded by DDs to "deb ... main").

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/AANLkTil4BYIMsxmOU_MBNPpe98fA1g6zGEO8o3dfoW5a(a)mail.gmail.com

First | Prev | Next | Last
Pages: 1 2 3 4 5 6 7 8 9 10 11
Prev: Updraiding or reinstalling?
Next: More important question... (was Re: How to keep debian current??)