Re: apt-get install apache (was red worm amusement)
Yes, but when you're upgrading your existing packages, and the dependencies have changed to such a degree to require *new* packages, that almost always implies a major change, such as a stable - testing transition, not a security fix for a package in stable (which is what security.debian.org is for). Yes, that makes sense. I guess my point is that from the manpage paragraph, this wasn't immediately clear, so I wouldn't be surprised if there are other people who misinterpreted it the same way I did. Thanks for the clarification. KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] Personal Homepage: http://www.skyjammer.com/~pronovic/ I have zero tolerance for zero-tolerance policies.
Re: apt-get install apache (was red worm amusement)
I wasn't going to jump in on this thread/flamewar, but since I have been bouncing on D in the mailer a lot more than normal the last couple days, I feel like one more post won't hurt... so here's two cents worth. First, I want to encourage list posters in the future to reconsider voicing their opinions about non-Debian distributions and Microsoft on this list. I think it is possible to discuss sound security without bringing up a *BSD or slagging Microsoft. The initial question of What are these strange GETs in my Apache logs has a simple answer. Asked and answered-- the further relevance to Debian is dubious. Buried in the mess of emails was at least one good comment about how Apache is installed on Debian, and it's this topic that I want to comment on. Having just installed apache on a laptop so I could do some development work when off-network, I was surprised (for some reason) to find the service not only started up immediately, but also restarted after reboot. I don't know why I was surprised, except that it had been a while since I installed a service of any type using a package. Maybe I was surprised because almost nothing else I've ever done on Debian has been quite that easy. ;) Similarly, after a recent apt-get dist-upgrade (intended to grab security updates only, so should I remove the non security.debian.org URLs from /apt/sources?) on my firewall box, I somehow managed to get all of X windows installed and a copule of services I didn't want installed AND started AND added to /etc/rc*.d. Thankfully X windows still requires startx to get going, but the services (junkbuster and wwwoffle) were just there. And while reboots on that machine are limited to power outages, it's still extra work to administer that stuff into the 'off' position. To me the lack of warnings or configurability during an apt-get install for a service is a questionable practice. It would be nice if the apache install had at least asked Do you want to start this service immediately? and Do you want to start this service on reboot?. Then I would have been informed of the status of the service during install. Similar questions during dist-upgrade would have informed me that those packages (looking harmless enough in the long list of you are about to installs) actually were services, and would have at least allowed me to keep them from starting, if not installing. -michael [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get install apache (was red worm amusement)
On Sunday 22 July 2001 11:17 am, Rob VanFleet wrote: If you're upgrading for security and bug fixes, you use upgrade. apt-get remove junkbuster wwwoffle --purge Not so hard to me. Have you ever bothered to lower your message priority in debconf? dpkg-reconfigure debconf. Choose 'low'. Learn about the tools before you start to criticize them. Thanks for the tips and your patience, I certainly having some learning to do. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get install apache (was red worm amusement)
If you're upgrading for security and bug fixes, you use upgrade. In michael's defense, take this entry from the apt-get mapage: dist-upgrade dist-upgrade, in addition to performing the func tion of upgrade, also intelligently handles chang ing dependencies with new versions of packages; apt-get has a smart conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary. The /etc/apt/sources.list file contains a list of locations from which to retrieve desired package files. I agree we all need to know the tools we use, and I'll be the first to admit that I have learning to do too, just like michael. However, the manpage is where I start... and when I read this, it sure seemed like a good idea to use dist-upgrade rather than upgrade. Maybe I should have dug deeper to be sure, but... KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] Personal Homepage: http://www.skyjammer.com/~pronovic/ I have zero tolerance for zero-tolerance policies. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get install apache (was red worm amusement)
On Sun, Jul 22, 2001 at 07:28:31PM -0500, Kenneth Pronovici wrote: If you're upgrading for security and bug fixes, you use upgrade. In michael's defense, take this entry from the apt-get mapage: dist-upgrade dist-upgrade, in addition to performing the func tion of upgrade, also intelligently handles chang ing dependencies with new versions of packages; ^^^ Yes, but when you're upgrading your existing packages, and the dependencies have changed to such a degree to require *new* packages, that almost always implies a major change, such as a stable - testing transition, not a security fix for a package in stable (which is what security.debian.org is for). Upgrade does exactly as it implies, it upgrades your existing packages, and under no circumstances installs anything new, avoiding the whole I tried to upgrade to some security fixes and ended up with XFree86 and KDE issues. -Rob apt-get has a smart conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary. The /etc/apt/sources.list file contains a list of locations from which to retrieve desired package files. I agree we all need to know the tools we use, and I'll be the first to admit that I have learning to do too, just like michael. However, the manpage is where I start... and when I read this, it sure seemed like a good idea to use dist-upgrade rather than upgrade. Maybe I should have dug deeper to be sure, but... KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] Personal Homepage: http://www.skyjammer.com/~pronovic/ I have zero tolerance for zero-tolerance policies. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get install apache (was red worm amusement)
I wasn't going to jump in on this thread/flamewar, but since I have been bouncing on D in the mailer a lot more than normal the last couple days, I feel like one more post won't hurt... so here's two cents worth. First, I want to encourage list posters in the future to reconsider voicing their opinions about non-Debian distributions and Microsoft on this list. I think it is possible to discuss sound security without bringing up a *BSD or slagging Microsoft. The initial question of What are these strange GETs in my Apache logs has a simple answer. Asked and answered-- the further relevance to Debian is dubious. Buried in the mess of emails was at least one good comment about how Apache is installed on Debian, and it's this topic that I want to comment on. Having just installed apache on a laptop so I could do some development work when off-network, I was surprised (for some reason) to find the service not only started up immediately, but also restarted after reboot. I don't know why I was surprised, except that it had been a while since I installed a service of any type using a package. Maybe I was surprised because almost nothing else I've ever done on Debian has been quite that easy. ;) Similarly, after a recent apt-get dist-upgrade (intended to grab security updates only, so should I remove the non security.debian.org URLs from /apt/sources?) on my firewall box, I somehow managed to get all of X windows installed and a copule of services I didn't want installed AND started AND added to /etc/rc*.d. Thankfully X windows still requires startx to get going, but the services (junkbuster and wwwoffle) were just there. And while reboots on that machine are limited to power outages, it's still extra work to administer that stuff into the 'off' position. To me the lack of warnings or configurability during an apt-get install for a service is a questionable practice. It would be nice if the apache install had at least asked Do you want to start this service immediately? and Do you want to start this service on reboot?. Then I would have been informed of the status of the service during install. Similar questions during dist-upgrade would have informed me that those packages (looking harmless enough in the long list of you are about to installs) actually were services, and would have at least allowed me to keep them from starting, if not installing. -michael [EMAIL PROTECTED]
Re: apt-get install apache (was red worm amusement)
On Sun, Jul 22, 2001 at 07:59:47AM -0500, chandler wrote: Similarly, after a recent apt-get dist-upgrade (intended to grab security updates only, Then why did you dist-upgrade? I think it's pretty self-explanatory that if you're upgrading from one distribution to another (like from stable to testing) you use dist-upgrade. If you're upgrading for security and bug fixes, you use upgrade. so should I remove the non security.debian.org URLs from /apt/sources?) No, just don't use dist-upgrade and make sure all of your sources are pointing to the correct distribution of Debian you are tracking. on my firewall box, I somehow managed to get all of X windows installed and a copule of services I didn't want installed AND started AND added to /etc/rc*.d. Thankfully X windows still requires startx to get going, but the services (junkbuster and wwwoffle) were just there. And while reboots on that machine are limited to power outages, it's still extra work to administer that stuff into the 'off' position. apt-get remove junkbuster wwwoffle --purge Not so hard to me. To me the lack of warnings or configurability during an apt-get install for a service is a questionable practice. Have you ever bothered to lower your message priority in debconf? dpkg-reconfigure debconf. Choose 'low'. Learn about the tools before you start to criticize them. -Rob
Re: apt-get install apache (was red worm amusement)
On Sunday 22 July 2001 11:17 am, Rob VanFleet wrote: If you're upgrading for security and bug fixes, you use upgrade. apt-get remove junkbuster wwwoffle --purge Not so hard to me. Have you ever bothered to lower your message priority in debconf? dpkg-reconfigure debconf. Choose 'low'. Learn about the tools before you start to criticize them. Thanks for the tips and your patience, I certainly having some learning to do.