Re: woody/sarge vs. stable/testing in sources.list
somebody said: >>>systems every day. I've been doing it on about 10 systems for about 2 >>>years, and haven't had a lot of trouble; indeed once my mail servers >>> went >>>down for a few hours for that reason, but my mail servers are always >>> looking >>>for an excuse to go down. Use ssh-agent, and ssh2 public keys for passwordless login on your machines. I use this method to update my servers every day in about 3 minutes. http://cfm.gs.washington.edu/security/ssh/client-pkauth/ Just run monit or netsaint to monitor your machines, and you nullmailer to mail you when a system is down. Monit can even restart the service if it's puking. monit is a debian package, you can download sample monit debian config from here: http:// www.cs.montana.edu/support/monit.debian.v1.tar.bz2 (note the space in address.) I changed it from a monolithic config to a seperate config file for each service so it's trivial to add services in for each system. You juste need to include your service in monitrc and then edit global_defines and stick it all in /etc/monit and you are good to go. -- --Luke CS Sysadmin, Montana State University-Bozeman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
Karsten M. Self wrote: on Wed, May 19, 2004 at 08:07:46PM -0400, David Gaudine ([EMAIL PROTECTED]) wrote: and if ththeresroblem with MTMTApgrade ?:) True, now and then I have to count the subject lines to make sure all systems are accounted for. But it's still better than logging in to all the systems every day. I've been doing it on about 10 systems for about 2 years, and haven't had a lot of trouble; indeed once my mail servers went down for a few hours for that reason, but my mail servers are always looking for an excuse to go down. Sounds like someone who needs to discover 'screen' and RSAkey authentication in SSH. And maybe a little about server monitoring and load-balancing. Ten mail servers, service should *never* be down. Nate Duehr, [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
on Wed, May 19, 2004 at 08:07:46PM -0400, David Gaudine ([EMAIL PROTECTED]) wrote: > > and if ththeresroblem with MTMTApgrade ?:) > > True, now and then I have to count the subject lines to make sure all > systems are accounted for. But it's still better than logging in to all the > systems every day. I've been doing it on about 10 systems for about 2 > years, and haven't had a lot of trouble; indeed once my mail servers went > down for a few hours for that reason, but my mail servers are always looking > for an excuse to go down. Sounds like someone who needs to discover 'screen' and RSAkey authentication in SSH. Peace. -- Karsten M. Self <[EMAIL PROTECTED]>http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Verio webhosting? Guaranteed downtime: http://www.wired.com/news/politics/0,1283,57011,00.html http://www.dowethics.com/r/environment/freedom.html signature.asc Description: Digital signature
Re: woody/sarge vs. stable/testing in sources.list
Colin Watson <[EMAIL PROTECTED]> wrote: On Wed, May 19, 2004 at 10:19:29AM -0500, Michael Kahle wrote: Wednesday, May 19, 2004 5:14 AM Colin Watson wrote: I *strongly* recommend against upgrading by cron job. Just don't do it; there are lots of ways it can break. I have heard this mentioned before. Could you elaborate? Why is this a problem? Please excuse my inexperience here. Upgrades require interaction from time to time, such as conffile merges. Even with packages that use debconf, the defaults you get with the noninteractive frontend aren't always what you want. I use cron-apt to do downloads *ONLY* of updated packages overnight. Then, the next day, I do and 'apt-get -u upgrade'. This allows me to see what is going to be upgraded and say 'no' if I don't want to complete the upgrade. This also means that I am present to answer any required questions during the actual update. This worked great until I was forced to switch ISP and I now get almost nightly disconnects in the middle of the download. I wish there was a decent ISP in my area, but that's what I get for living in the mountains of West Virginia. Marc Shapiro -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
> and if ththeresroblem with MTMTApgrade ?:) True, now and then I have to count the subject lines to make sure all systems are accounted for. But it's still better than logging in to all the systems every day. I've been doing it on about 10 systems for about 2 years, and haven't had a lot of trouble; indeed once my mail servers went down for a few hours for that reason, but my mail servers are always looking for an excuse to go down. David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
--- David GaGaudinedadavidmemclaboconcordiaa> wrote: > > I know that this is not recommended. But I often > set up DeDebianachines > > for "friends" who have virtually no clue > whatsoever and no intentions > > of changing this. The machines are obviously not > very important but I > > want to provide at least a minimal level of > security because if I do not > > it will be sooner that I have to spend time and > efforts in fixing their > > broken-into boxes. > > I do it too, but I set it up to mail the output to > me so I can check that > there were no errors. > David and if ththeresroblem with MTMTApgrade ?:) cheers, hthttp/wxaxeltabsom/ __ axaxel __ Do you Yahoo!? Yahoo! Domains Claim yours for only $14.70/year http://smallbusiness.promotions.yahoo.com/offer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
> I know that this is not recommended. But I often set up Debian machines > for "friends" who have virtually no clue whatsoever and no intentions > of changing this. The machines are obviously not very important but I > want to provide at least a minimal level of security because if I do not > it will be sooner that I have to spend time and efforts in fixing their > broken-into boxes. I do it too, but I set it up to mail the output to me so I can check that there were no errors. David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
> > In my opinion semi-automaticaly updates sound scary > itself... > > - Martin I agree, and I never use it. But still, even on manual updates , it can cause problem. cheers, http://www.axeltabs.com/ __ axel __ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Wed, May 19, 2004 at 01:59:28PM -0700, Ping Wing wrote: > > Upgrades require interaction from time to time, such > > as conffile merges. > > Even with packages that use debconf, the defaults > > you get with the > > noninteractive frontend aren't always what you want. > > well but lets assume i have little router ticking > somewhere. only sshd listening. > > If I configure everything right then I should only > need to upgrade sshd->libssl->libc6 . I think it could > be done without interaction? The ssh package contains five conffiles. If you change any of those and they also change in the package, then you'll have to resolve the conflicts. -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
> Upgrades require interaction from time to time, such > as conffile merges. > Even with packages that use debconf, the defaults > you get with the > noninteractive frontend aren't always what you want. well but lets assume i have little router ticking somewhere. only sshd listening. If I configure everything right then I should only need to upgrade sshd->libssl->libc6 . I think it could be done without interaction? Debian backporting should ensure that only some binaries are needed to upgrade. But yeah, when sarge comes to stable one day, then ssh 3.4 -> ssh x.y could need much more interaction. cheers, http://www.axeltabs.com/ __ axel __ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
> Every Debian init.d script that starts a daemon says > something like > "Starting web server: apache." > some processes take long time to finish. slurpd hangs sometime mystically or takes long to finish. I think it could cause probelms if I start it again before its done. some scripts are ok, like apache for example. when i run /etc/init.d/apace stop and its already stopped then it says that couldnt kill. but /etc/init.d/sysklogd stop always says 'Stopping system log daemon: syslogd.' cheers, http://www.axeltabs.com/ __ axel __ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: woody/sarge vs. stable/testing in sources.list
On Wednesday, May 19, 2004 10:42 AM Colin Watson wrote: >On Wed, May 19, 2004 at 10:19:29AM -0500, Michael Kahle wrote: >> Wednesday, May 19, 2004 5:14 AM Colin Watson wrote: >>> I *strongly* recommend against upgrading by cron job. Just don't do >>> it; there are lots of ways it can break. >> >> I have heard this mentioned before. Could you elaborate? Why is this >> a problem? Please excuse my inexperience here. > > Upgrades require interaction from time to time, such as conffile > merges. Even with packages that use debconf, the defaults you get > with the noninteractive frontend aren't always what you want. Ah. This makes perfect sense. Good enough for me. Thanks. Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
Incoming from Michael Kahle: > Wednesday, May 19, 2004 5:14 AM Colin Watson wrote: > > I *strongly* recommend against upgrading by cron job. Just don't do > > it; there are lots of ways it can break. > > I have heard this mentioned before. Could you elaborate? Why is this a > problem? Please excuse my inexperience here. A few weeks ago, a kernel-image package (security fix) was released that didn't contain any kernel modules. Oops. >From one release to the next, things change their names; usb --> usb-uhci (or whatever). Yes, your hardware is still supported, but not by the module you told it supports it. It's a complex system and you can't expect the Debian developers/release team to have thought of everything; you're not paying them enough to be immortals. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Wed, May 19, 2004 at 10:19:29AM -0500, Michael Kahle wrote: > Wednesday, May 19, 2004 5:14 AM Colin Watson wrote: > > I *strongly* recommend against upgrading by cron job. Just don't do > > it; there are lots of ways it can break. > > I have heard this mentioned before. Could you elaborate? Why is this a > problem? Please excuse my inexperience here. Upgrades require interaction from time to time, such as conffile merges. Even with packages that use debconf, the defaults you get with the noninteractive frontend aren't always what you want. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: woody/sarge vs. stable/testing in sources.list
Wednesday, May 19, 2004 5:14 AM Colin Watson wrote: > I *strongly* recommend against upgrading by cron job. Just don't do > it; there are lots of ways it can break. I have heard this mentioned before. Could you elaborate? Why is this a problem? Please excuse my inexperience here. Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Wed, May 19, 2004 at 11:14:12AM +0100, Colin Watson wrote: > > Ok, please forget _why_ I ask. The question remains - are the release > > codenames equivalent to "stable"/"testing" in sources.list? I dont > > You can safely use the codenames. Ok, thank you! > > And Greg, please think of machines running for a long time and upgrading > > automatically through a cronjob or something. > > I *strongly* recommend against upgrading by cron job. Just don't do it; > there are lots of ways it can break. I know that this is not recommended. But I often set up Debian machines for "friends" who have virtually no clue whatsoever and no intentions of changing this. The machines are obviously not very important but I want to provide at least a minimal level of security because if I do not it will be sooner that I have to spend time and efforts in fixing their broken-into boxes. Regards Matthias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Tue, May 18, 2004 at 01:38:33PM -0700, Ping Wing wrote: > frankly, the fact that debian puts 'stable' in source.list > automatically is littlebit scaring. For example when sarge is new > stable one day, and im doing another (semi-)automatic apt-get upgrade, > theres good chance that this messes some things up. In my opinion semi-automaticaly updates sound scary itself... - Martin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Wed, May 19, 2004 at 03:13:23AM +0200, Matthias Czapla wrote: > On Tue, May 18, 2004 at 06:22:04PM -0400, Greg Folkert wrote: > > On Tue, 2004-05-18 at 15:54, Matthias Czapla wrote: > > > Can I safely use "woody" or "sarge" instead of stable and testing for > > > the distribution specifier in /etc/apt/sources.list or can this cause > > > trouble? Im afraid of an unwanted upgrade to a new distribution when > > > testing suddenly becomes stable. > > > > Sarge *SUDDENLY* becoming Stable. Don't make me laugh. > > > > We aren't even into freeze yet. > > > > When that happens, then you should maybe worry about that. > > Ok, please forget _why_ I ask. The question remains - are the release > codenames equivalent to "stable"/"testing" in sources.list? I dont > know but I could imagine that the distribution specifier is just being > used to build up a pathname on the http/ftp server. So the question > would be if there is a policy that debian mirrors are required to > provide links/directories named after the release or if they only > need to have stable, testing and unstable? You can safely use the codenames. > And Greg, please think of machines running for a long time and upgrading > automatically through a cronjob or something. I *strongly* recommend against upgrading by cron job. Just don't do it; there are lots of ways it can break. -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Tue, May 18, 2004 at 01:38:33PM -0700, Ping Wing wrote: > Matthias Czapla wrote: > > Can I safely use "woody" or "sarge" instead of stable and testing > > for the distribution specifier in /etc/apt/sources.list or can this > > cause trouble? Im afraid of an unwanted upgrade to a new > > distribution when testing suddenly becomes stable. > > yes you can and imho it makse very much sense. as using 'stable' makes > no sense at all imho. > > frankly, the fact that debian puts 'stable' in source.list > automatically is littlebit scaring. For example when sarge is new > stable one day, and im doing another (semi-)automatic apt-get upgrade, > theres good chance that this messes some things up. It's quite deliberate. Some day, woody won't be security-supported any more. > for example, lately i had woody running , nice and clean. > Now I put 'sarge' everywhere in source.list and did 'apt-get update && > apt-get -u dist-upgrade'. > > Now, packages did'nt get upgraded, but most of the packages were > removed. And I had only woody's official packages installed, no > selfmade. Did you file a bug, or report this anywhere? > there are more things in debian that are weird, like most /etc/init.d/ > scripts that doesnt give you any feedback (at least not to stdout) Every Debian init.d script that starts a daemon says something like "Starting web server: apache." -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
> Sarge *SUDDENLY* becoming Stable. Don't make me > laugh. > > We aren't even into freeze yet. > > When that happens, then you should maybe worry about > that. it doesnt matter when it happen. I must read news every day, be prepared to change all my sources.list when it happens? thing is that when i keep 'stable' in my sources.list then one day when new stable is relased something gets messed up with automatic updates. I dont have only 1 or 2 servers to admin youknow.. So I take care that everywhere sources.list contain exact distribution name (that is not changeing symlink somewhere), like woody or sarge or potato etc.. cheers, http://www.axeltabs.com/ __ axel __ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Tue, May 18, 2004 at 06:22:04PM -0400, Greg Folkert wrote: > On Tue, 2004-05-18 at 15:54, Matthias Czapla wrote: > > Can I safely use "woody" or "sarge" instead of stable and testing for > > the distribution specifier in /etc/apt/sources.list or can this cause > > trouble? Im afraid of an unwanted upgrade to a new distribution when > > testing suddenly becomes stable. > > Sarge *SUDDENLY* becoming Stable. Don't make me laugh. > > We aren't even into freeze yet. > > When that happens, then you should maybe worry about that. Ok, please forget _why_ I ask. The question remains - are the release codenames equivalent to "stable"/"testing" in sources.list? I dont know but I could imagine that the distribution specifier is just being used to build up a pathname on the http/ftp server. So the question would be if there is a policy that debian mirrors are required to provide links/directories named after the release or if they only need to have stable, testing and unstable? And Greg, please think of machines running for a long time and upgrading automatically through a cronjob or something. Regards Matthias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: woody/sarge vs. stable/testing in sources.list
On Tue, 2004-05-18 at 15:54, Matthias Czapla wrote: > Can I safely use "woody" or "sarge" instead of stable and testing for > the distribution specifier in /etc/apt/sources.list or can this cause > trouble? Im afraid of an unwanted upgrade to a new distribution when > testing suddenly becomes stable. Sarge *SUDDENLY* becoming Stable. Don't make me laugh. We aren't even into freeze yet. When that happens, then you should maybe worry about that. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part
Re: woody/sarge vs. stable/testing in sources.list
> Can I safely use "woody" or "sarge" instead of > stable and testing for > the distribution specifier in /etc/apt/sources.list > or can this cause > trouble? Im afraid of an unwanted upgrade to a new > distribution when > testing suddenly becomes stable. yes you can and imho it makse very much sense. as using 'stable' makes no sense at all imho. frankly, the fact that debian puts 'stable' in source.list automatically is littlebit scaring. For example when sarge is new stable one day, and im doing another (semi-)automatic apt-get upgrade, theres good chance that this messes some things up. for example, lately i had woody running , nice and clean. Now I put 'sarge' everywhere in source.list and did 'apt-get update && apt-get -u dist-upgrade'. Now, packages did'nt get upgraded, but most of the packages were removed. And I had only woody's official packages installed, no selfmade. As far as I remeber, I should've installed apt first, because woody's apt could'nt deal with those dependencies correctly to find packages to upgrade, and therefore most packages ( like postgrsql ) went to removal. there are more things in debian that are weird, like most /etc/init.d/ scripts that doesnt give you any feedback (at least not to stdout) - I've modified most of then manually, adding 'ps axuw|grep -i slapd' and so on.. And that slapd (openldap ) is running root:root ? why the hell? cheers, http://www.axeltabs.com/ __ axel. __ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
woody/sarge vs. stable/testing in sources.list
Hi! Can I safely use "woody" or "sarge" instead of stable and testing for the distribution specifier in /etc/apt/sources.list or can this cause trouble? Im afraid of an unwanted upgrade to a new distribution when testing suddenly becomes stable. Regards Matthias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
