Re: [DNG] ascii-security Was:Re: Security updates in Devuan
> On Sep 7, 2017, at 1:54 PM, KatolaZ wrote:
>
> These things will clear out when amprolla3 comes up. We are almost
> there. The current amprolla is not merging some suites on ascii,
> including ascii-updates and ascii-proposed-updates.

I’m looking forward to a big update when it finally does. I hope amprolla3 is getting the priority attention it deserves.

jf
--
John Franklin
frank...@tux.org

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] ascii-security Was:Re: Security updates in Devuan
On Thu, Sep 07, 2017 at 10:22:57AM -0400, fsmithred wrote:

[cut]

>
> I think there's nothing in ascii-security and ascii-updates. The Packages
> files for both are empty. (I only checked amd64.)
>
> In contrast to that jessie-security, jessie-updates and
> jessie-proposed-updates all have packages.
>
> Can someone explain the difference between -security, -updates and
> -proposed-updates? What goes where, and why is ascii different from
> jessie? Thanks. Questions about security updates come up regularly on d1g.
>

These things will clear out when amprolla3 comes up. We are almost there. The current amprolla is not merging some suites on ascii, including ascii-updates and ascii-proposed-updates.

My2Cents

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] ascii-security Was:Re: Security updates in Devuan
On Thu, 2017-09-07 at 10:22 -0400, fsmithred wrote:
> On 09/07/2017 08:55 AM, Svante Signell wrote:
> >
>
> I think there's nothing in ascii-security and ascii-updates. The Packages
> files for both are empty. (I only checked amd64.)
>
> In contrast to that jessie-security, jessie-updates and
> jessie-proposed-updates all have packages.
>
> Can someone explain the difference between -security, -updates and
> -proposed-updates? What goes where, and why is ascii different from
> jessie? Thanks. Questions about security updates come up regularly on d1g.

In my opinion they should be as follows:

ascii-security: Debian stretch security updates, filtered so that if there is an older Devuan package it cannot be installed.

ascii-updates: Remove, it serves no real purpose, or?

ascii-proposed-updates: Devuan packages, not yet migrated into ascii. (similar to Debian packages in sid/unstable not yet merged into testing/buster. They do migrate to testing after normally 5-10 days if no RC bugs, etc blocks them)

Re: [DNG] ascii-security Was:Re: Security updates in Devuan
On 09/07/2017 08:55 AM, Svante Signell wrote:
> On Thu, 2017-09-07 at 21:07 +0900, Olaf Meeuwissen wrote:
>> Hi John,
>>
>> John Franklin writes:
>>
>>> I’ve seen several security alerts from Debian, but no matching
>>> updates in Devuan. For example, the “file" package has
>>> CVE-2017-1000249, released yesterday.
>>>
>>>> For the stable distribution (stretch), this problem has been fixed in
>>>> version 1:5.30-1+deb9u1.
>
>> Uhm, Devuan ascii is testing. I'd think that doesn't get any security
>> upgrades, just like Debian's testing (buster) doesn't get any.
>
> No, Devuan ascii is stretch, i.e. Debian stable.
>
> This upgrade should be available, but isn't:
> Adding to /etc/apt/sources.list,
> deb http://auto.mirror.devuan.org/merged ascii-security main
> does not make it available:
> apt-cache policy file
> file:
>   Installed: 1:5.30-1
>   Candidate: 1:5.30-1
>   Version table:
>  *** 1:5.30-1 991
>         991 http://auto.mirror.devuan.org/merged ascii/main i386 Packages
>         100 /var/lib/dpkg/status

My sources.list is bigger than yours, and I see the same thing for file, but I know of two other cases in which the patched version found in stretch security is in ascii-proposed-updates -

apache2:
     2.4.25-3+deb9u2 0
         10 http://security.debian.org/ stretch/updates/main amd64 Packages
        100 http://auto.mirror.devuan.org/merged/ ascii-proposed-updates/main amd64 Packages

chromium:
     60.0.3112.78-1~deb9u1 0
         10 http://security.debian.org/ stretch/updates/main amd64 Packages
        100 http://auto.mirror.devuan.org/merged/ ascii-proposed-updates/main amd64 Packages

I think there's nothing in ascii-security and ascii-updates. The Packages files for both are empty. (I only checked amd64.)

In contrast to that jessie-security, jessie-updates and jessie-proposed-updates all have packages.

Can someone explain the difference between -security, -updates and -proposed-updates? What goes where, and why is ascii different from jessie? Thanks. Questions about security updates come up regularly on d1g.

fsmithred

[DNG] ascii-security Was:Re: Security updates in Devuan
On Thu, 2017-09-07 at 21:07 +0900, Olaf Meeuwissen wrote:
> Hi John,
>
> John Franklin writes:
>
> > I’ve seen several security alerts from Debian, but no matching
> > updates in Devuan. For example, the “file" package has
> > CVE-2017-1000249, released yesterday.
> >
> > > For the stable distribution (stretch), this problem has been fixed in
> > > version 1:5.30-1+deb9u1.

> Uhm, Devuan ascii is testing. I'd think that doesn't get any security
> upgrades, just like Debian's testing (buster) doesn't get any.

No, Devuan ascii is stretch, i.e. Debian stable.

This upgrade should be available, but isn't:
Adding to /etc/apt/sources.list,
deb http://auto.mirror.devuan.org/merged ascii-security main
does not make it available:
apt-cache policy file
file:
  Installed: 1:5.30-1
  Candidate: 1:5.30-1
  Version table:
 *** 1:5.30-1 991
        991 http://auto.mirror.devuan.org/merged ascii/main i386 Packages
        100 /var/lib/dpkg/status