Re: Debian stable - updates

[Joe]

On Sun, 27 Jun 2021 07:46:58 -0500
John Hasler  wrote:

> Joe writes:
> > When I'm sufficiently
> > annoyed with the problem I'll do a reinstall but there are over 4000
> > packages...  
> 
> While I don't upgrade daily it's bad to let it get that far behind.

I do upgrade pretty much daily. I meant that if I reinstall manually,
that's a lot of packages, and if I reinstall in some automatic way
(e.g. get-selections) then I may just recreate the same problems,
depending on installation order. I've had a number of bugs, some of
which I've reported, which seem to be 'just me'. My Firefox currently
crashes tabs on most e-commerce or other complex sites, and I can't see
anyone else with the same problem. I think I have an old and crufty
system which needs a complete clean out.

A manual reinstall, of course, it would be spread out over time,
installing packages as I need them. Probably no more than half are in
regular use. It's still a job I'm putting off.

-- 
Joe

Re: Debian stable - updates

[John Hasler]

Joe writes:
> When I'm sufficiently
> annoyed with the problem I'll do a reinstall but there are over 4000
> packages...

While I don't upgrade daily it's bad to let it get that far behind.
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA

Re: Debian stable - updates

[The Wanderer]

On 2021-06-27 at 03:48, Francesco Florian wrote:

> On Sa, 26 Jun 2021, Andrei POPESCU wrote:
> 
>> [1] unless you're one of those still running dist-upgrade for every
>>  security update, just because `apt-get` doesn't install new
>> packages by default.
> 
> Actually, I'm one of those running on testing, since I believe it's
> stable enough for my workflow on a desktop (I snapshot the / and
> /home volumes before any upgrade, but in about 5 years I never had to
> rollback).
> 
> I didn't mean that tracking stable instead of buster is what
> everybody wants, just that it is a possibility, especially on
> desktop, provided you have backups (which you should have anyway).

For tracking testing, as I also do, using the symbolic name rather than
the explicit codename can make sense.

I actually track stable + testing, by those names, so that if a package
in stable is removed from testing I still have access to install it if I
discover the need to do so. For that purpose, using the symbolic name
for stable also makes sense.

However, for someone tracking *purely* stable without bringing in any of
the other repositories, I have to agree with those who advocate against
using that name instead of the release codename. I haven't been able to
think of any reasons why using the symbolic name in that case would make
sense, and I find the arguments about why doing so can lead to problems
to be persuasive.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Debian stable - updates

[Weaver]

On 27-06-2021 18:01, Joe wrote:
> On Sat, 26 Jun 2021 08:12:07 -0500
> John Hasler  wrote:
> 
>> Andrei writes:
>> > Unstable is challenging when you rely on that system for any kind of
>> > useful work, regardless if a movie night with friends or a big
>> > presentation at work, as each and every upgrade has the potential to
>> > break your system in new and interesting ways.
>>
>> I've run Unstable on my desktop for decades.  It's been at least 15
>> years since an upgrade gave me any serious trouble.  However, I don't
>> use a desktop environment (unless you call FVWM a DE) and I only
>> upgrade when it is both safe and necessary.
>>
>> I did recently have a problem with an Exim4 upgrade but I believe it
>> was primarily due to my customizations (I switched to Postfix as
>> that's the simplest way to do "wipe it all out and start over").
> 
> I've had a logjam for most of a year on a few items which can't be
> upgraded because of an odd dependency issue involving guile-2.0 and 2.2.
> 
> Yesterday, I had a need for inkscape, which I rarely use and which could
> only be installed by removing half a dozen programs I use much more
> often. So I put it on my stable netbook instead. When I'm sufficiently
> annoyed with the problem I'll do a reinstall but there are over 4000
> packages and if I do an automatic reinstall it will probably just
> recreate the same problem.
> 
> I think unstable is fine if you have an alternative computer,
> (basically, owning a computer is fine if you have an alternative
> computer) but by itself can occasionally mess things up.

I've used Unstable for many years as a reliable base for a small
business, and it rarely lets me down in any serious way. I switched to
it after experiencing slow bug fixes on Testing. Occasionally one
programme or another may get a little flighty, but it doesn't affect the
rest of the system, and is always fixed within 24 hours.
I wouldn't think of moving.
Cheers!

Harry.

-- 
`When injustice becomes law, resistance becomes duty' 
-- Thomas Jefferson

Re: Debian stable - updates

[Joe]

On Sat, 26 Jun 2021 08:12:07 -0500
John Hasler  wrote:

> Andrei writes:
> > Unstable is challenging when you rely on that system for any kind of
> > useful work, regardless if a movie night with friends or a big
> > presentation at work, as each and every upgrade has the potential to
> > break your system in new and interesting ways.  
> 
> I've run Unstable on my desktop for decades.  It's been at least 15
> years since an upgrade gave me any serious trouble.  However, I don't
> use a desktop environment (unless you call FVWM a DE) and I only
> upgrade when it is both safe and necessary.
> 
> I did recently have a problem with an Exim4 upgrade but I believe it
> was primarily due to my customizations (I switched to Postfix as
> that's the simplest way to do "wipe it all out and start over").

I've had a logjam for most of a year on a few items which can't be
upgraded because of an odd dependency issue involving guile-2.0 and 2.2.

Yesterday, I had a need for inkscape, which I rarely use and which could
only be installed by removing half a dozen programs I use much more
often. So I put it on my stable netbook instead. When I'm sufficiently
annoyed with the problem I'll do a reinstall but there are over 4000
packages and if I do an automatic reinstall it will probably just
recreate the same problem.

I think unstable is fine if you have an alternative computer,
(basically, owning a computer is fine if you have an alternative
computer) but by itself can occasionally mess things up.

-- 
Joe

Re: Debian stable - updates

[Francesco Florian]

On Sa, 26 Jun 2021, Andrei POPESCU wrote:
> [1] unless you're one of those still running dist-upgrade for every 
> security update, just because `apt-get` doesn't install new packages by 
> default.

Actually, I'm one of those running on testing, since I believe it's stable
enough for my workflow on a desktop (I snapshot the / and /home volumes
before any upgrade, but in about 5 years I never had to rollback).

I didn't mean that tracking stable instead of buster is what everybody
wants, just that it is a possibility, especially on desktop, provided you
have backups (which you should have anyway).

Best regards
-- 
Francesco Florian


signature.asc
Description: PGP signature

Re: Debian stable - updates

[John Hasler]

Andrei writes:
> How do you determine the "safe and necessary"?

I follow the security list and scan -dev for warning of such things as
major transitions.  I upgrade individual packages as needed (usually
Firefox): this occasionally leads to a general upgrade.  I pay attention
to the output of "apt -s" and make sure I understand the consequences of
any proposed removals or "...but will not be installed..." messages,
especially when libraries are involved.

But I think it is mostly because I don't run a DE, especially Gnome.


-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA

Re: Debian stable - updates

[Andrei POPESCU]

On Sb, 26 iun 21, 08:12:07, John Hasler wrote:
> Andrei writes:
> > Unstable is challenging when you rely on that system for any kind of
> > useful work, regardless if a movie night with friends or a big
> > presentation at work, as each and every upgrade has the potential to
> > break your system in new and interesting ways.
> 
> I've run Unstable on my desktop for decades.  It's been at least 15
> years since an upgrade gave me any serious trouble.  However, I don't
> use a desktop environment (unless you call FVWM a DE) and I only upgrade
> when it is both safe and necessary.

How do you determine the "safe and necessary"?

(genuinely curious)

Package upgrades in unstable are also relevant for security, not just 
new features. And you could be the first one to encounter a particular 
bug, because of your particular setup, configuration, etc.

(if you do so please also report it)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Debian stable - updates

[John Hasler]

Andrei writes:
> Unstable is challenging when you rely on that system for any kind of
> useful work, regardless if a movie night with friends or a big
> presentation at work, as each and every upgrade has the potential to
> break your system in new and interesting ways.

I've run Unstable on my desktop for decades.  It's been at least 15
years since an upgrade gave me any serious trouble.  However, I don't
use a desktop environment (unless you call FVWM a DE) and I only upgrade
when it is both safe and necessary.

I did recently have a problem with an Exim4 upgrade but I believe it was
primarily due to my customizations (I switched to Postfix as that's the
simplest way to do "wipe it all out and start over").
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA

Re: Debian stable - updates

[Christian]

Hi and a very good day to all of you, 

thank you very much for the new input of yours. You're too kind.

@T.J. Duchene:

Thanks a lot for the warm welcome. That' s really nice. I enjoy it very 
much here.


Your instruction to update policies used by Debian stable is very good; 
I understand it much better now. Thanks a lot.
Stable and well-maintained are exactly what I'm looking for in an OS. So 
Debian stable seems to be perfectly suited for my purposes.
Plus: it's really lightweight (especially with xfce). Ideal for my 
Lenovo H520e. 


Thanks again for your kind help.


@Francesco Florian:

> This is, if you really want to track 'stable', i.e., automatically 
switch to the new stable release when it becomes such.


I see.
Yet personally I'd like to stay at Buster as long as I can.
Thanks for the suggestion anyway.

@Greg Wooledge:

Thanks so much for the warning and the additional info. It's much 
appreciated.



@Tomas:

Thanks to you as well.


@Andrew M.A. Cater

> If you say buster, then when buster slides to become oldstable, your 
system won't change underneath you suddenly.


Yes, that's exactly how I want it to be.
No nasty surprises and no big downloads (at least for the time being).

My sole means of internet connection is a UMTS-stick with 5 GB data 
available per 28 days. So I have to be able to plan well in advance for 
occasions like that.

Thanks a lot for the info.


@Andrei POPESCU:

> It's much better to use the codename instead and subscribe to 
debian-announce (in addition to debian-security-announce, of course).
> When a new release is announced start preparing for the upgrade, you 
have one year to do so.


Wow, that info is really new to me; well I'm just a beginner as far as 
Debian is concerned. But really good to know. Thanks a lot. 


> You might want to switch to `apt` instead.

Indeed I've made it a habit to use "apt" instead of "apt-get" for quite 
a while now.


Thanks for the additional info as well.


So I think (and hope) I understand much better now how Debian updates 
are to be configured and work.
It's really good to have a place to go to and post questions when help 
is needed. You´re a great community! I appreciate it very much. 


Thanks again to all of you for your kind help.

A very nice weekend and do keep safe.

Many greetings from Rosika 

Re: Debian stable - updates

[Andrei POPESCU]

On Vi, 25 iun 21, 15:50:56, steve wrote:
> Le 25-06-2021, à 06:38:32 -0600, D. R. Evans a écrit :
> 
> > For years I have run debian stable on my main desktop machine (the one I
> > am using to type this e-mail). It has had fewer major issues than any
> > other distribution I have tried.
> 
> Some even say that Debian is becoming annoying for that very reason…

:)
 
I ran Debian unstable on my main system for many years. It was a great 
learning experience, whether I wanted that or not.

Unstable is challenging when you rely on that system for any kind of 
useful work, regardless if a movie night with friends or a big 
presentation at work, as each and every upgrade has the potential to 
break your system in new and interesting ways.

Eventually I switched mostly to stable because of the time investment 
needed to maintain unstable *and* associated mitigation strategies.

I still have unstable (or testing) installations, e.g. to monitor 
support for my hardware, new developments, etc., but they are rarely (if 
ever) providing any essential service for me.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Debian stable - updates

[Andrei POPESCU]

On Vi, 25 iun 21, 15:02:51, to...@tuxteam.de wrote:
> On Fri, Jun 25, 2021 at 02:19:34PM +0200, Christian wrote:
> > Hi altogether,
> 
> [...]
> 
> > I quote:
> 
> > [...] There is a tradeoff, though. The software in Debian Stable is
> > usually fairly outdated.
> > In fact, it's usually outdated when the distribution first ships.
> > Now, that's not much of a problem for servers, but it's awful for
> > desktops. "
> 
> He is of course free to have this opinion :-)

Indeed, Debian stable must be "awful" for people suffering of 
"versionitis" ;)

(no offence intended, I ran unstable myself on my main system for many 
years)
 
> Some people like that, even on their desktops ;-)
> 
> If you need the-latest-and-greatest of "this specific package" there
> are usually ways around.
> 
> I, for example, have a very reduced set of packages I self-compile. I
> know I've to deal with the fall-out, and I know how to. But I couldn't
> possibly do that for the 2000+ packages installed in my system. I'm
> infinitely thankful to the maintainers doing that job, and for them to
> not make funny experiments.

For people new to Debian the backports repository is probably an easier 
start ;)

https://backports.debian.org/Instructions/

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Debian stable - updates

[Andrei POPESCU]

On Vi, 25 iun 21, 20:44:51, Francesco Florian wrote:
> 
> You may want to change all instances of 'buster' to 'stable', so that 
> you don't have to bother changing it whenever new version of debian is 
> released as stable.
> This is, if you really want to track 'stable', i.e., automatically 
> switch to the new stable release when it becomes such.
> Just my 2c.

Let me add to the other voices disagreeing with this.

The only potential "benefit" to this is that every two years or so you 
will find yourself in the middle of a partial distribution upgrade[1] 
with no preparation.

It's much better to use the codename instead and subscribe to 
debian-announce (in addition to debian-security-announce, of course). 
When a new release is announced start preparing for the upgrade, you 
have one year to do so.

[1] unless you're one of those still running dist-upgrade for every 
security update, just because `apt-get` doesn't install new packages by 
default. You might want to switch to `apt` instead.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Debian stable - updates

[T.J. Duchene]

On Friday, June 25, 2021 7:19:34 AM CDT Christian wrote:
> Hi altogether,
> 
> as I´m a newcomer to Debian and coming from Lubuntu I searched for
> information as far as the release model is concerned.
> 
> I learned that there are three different releases: stable, testing, and
> unstable.
> 
> I know I´m not supposed to post any links here but for the sake of
> reference I´ll still do it this time (sorry).
> I´m referring to the article  "Debian vs Ubuntu" on
> https://linuxconfig.org/debian-vs-ubuntu .
> 
> I quote:
> 
> "Debian's stable release is insanely stable. There are few distributions
> in the same league when it comes to rock solid reliability.
> 
> [...] There is a tradeoff, though. The software in Debian Stable is
> usually fairly outdated.
> In fact, it's usually outdated when the distribution first ships. Now,
> that's not much of a problem for servers, but it's awful for desktops. "
> 
> Despite reading through the entire article I couldn´t really understand
> why the author refers to Debian stable as being "awful" for desktops.
> 
> So I have a question in order to be clear about the matter.
> 
> Is Debian stable safe to use - I mean in the sense that it gets security
> updates for the installed packages?
> 
> I don´t really care about updates which would introduce new features of
> programmes. All I´m concerned about is getting security updates so that
> I can use Debian stable as my daily driver.
> 
> Thanks in advance for your help.
> 
> Many greetings
> Rosika

Hi, Rosika!  Welcome to the community.  I hope you will enjoy your time here.

Yes, Debian Stable is very stable.  It is not perfect, but then no OS is.  The 
best endorsement that I can give any Linux distribution is that it is stable 
and well maintained.  Debian is certainly that.

Debian Stable gets regular updates from the Debian Security Team, a group that 
does not nearly get the credit it deserves.  You can use Debian Stable with a 
reasonable assurance that you will receive patches as needed.


If you need newer versions of software for some reason or another, you can 
always use Debian Backports.  You can also use Snap, Flatpak, and AppImage 
archives. Please be aware that Debian does not patch third party packaging. So 
use them at your own risk.  If you have skills as a coder, you can create your 
own packages from any of the Debian source trees.


So the arguments against Debian being outdated are pretty much moot and 
misinformed, in my opinion.

Take care, and once again, welcome!
T.J.

Re: Debian stable - updates

[Andrew M.A. Cater]

On Fri, Jun 25, 2021 at 03:18:06PM +0200, Christian wrote:
> Hi Tomas,
> 
> thank you so much for your reply.
> 
> > Thing is: "stable" means [...]  Only bug fixes and security patches go in.
> 
> Great! That is the most important aspect for me.
> I really don't need the latest-and-greatest version of packages. All I do
> need is a stable and secure system.
> So Debian stable turns out to be ideally suited for my purposes.
> 
> I've installed it in a VM for now (qemu, KVM) to see how it performs. I must
> say I'm very impressed. It runs smoothly even with just 1 GB RAM allocated
> to it.
> I'm sure it'll make a fine system as a production system.
> 
> Thanks again and keep safe.
> 
> Many greetings.
> Rosika
> 

Do reference the codename for the release: that way, you don't get a nasty
surprise. If your system says "stable" today, that's Debian 10.10. When 
Debian 11 comes along - soon now - you get a huge update all at once, and
things are likely to be unpredictable if you are a new Debian user.

If you say buster, then when buster slides to become oldstable, your
system won't change underneath you suddenly.

All the very best, as ever,

Andy C

> 

Re: Debian stable - updates

[Andrew M.A. Cater]

On Fri, Jun 25, 2021 at 03:06:57PM +0200, Christian wrote:
> Hi Doc Evans,
> 
> thanks a lot for your reply.
> 
> That´s great news indeed.
> The fact that Debian stable is rock solid is a great asset in itself. So
> together with security updates it will surely make for a fine production
> system especially for older
> computers like my Lenovo H520e desktop.
> 
> Thank you for clarifying the matter for me.
> 
> Many greetings and keep safe.
> Rosika
> 
> 
> 
Debian stable is tested over a couple of years before release and gets 
security support. It's not the latest and greatest, major changes every six
months, supported for nine months.

_Today_ - 25th June 2021 - because we're anticipating a stable release in ~6 
weeks - I might suggest installing that release when it comes out. If you don't 
and install
Debian 10.10 - Buster - today, then Debian 11 [Bullseye] will come along at 
the end of July if the release goes to plan.

All the very best, as ever,

Andy Cater

Re: Debian stable - updates

[tomas]

On Fri, Jun 25, 2021 at 08:44:51PM +0200, Francesco Florian wrote:
> On Fr, 25 Jun 2021, Christian wrote:
> 
> > I looked up  the respective file on my system and it looks like this:
> > 1     #
> > 2
> > 3     # deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
> > xfce-CD Binary-1 20210327-10:42]/ buster main
> > 4
> > 5     #deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
> > xfce-CD Binary-1 20210327-10:42]/ buster main
> > 6
> > 7     deb http://deb.debian.org/debian/ buster main
> > 8     deb-src http://deb.debian.org/debian/ buster main
> > 9
> > 10   deb http://security.debian.org/debian-security buster/updates main
> > 11   deb-src http://security.debian.org/debian-security buster/updates main
> > 12
> > 13   # buster-updates, previously known as 'volatile'
> > 14   deb http://deb.debian.org/debian/ buster-updates main
> > 15   deb-src http://deb.debian.org/debian/ buster-updates main
> > 16
> > 17   # This system was installed using small removable media
> > 18   # (e.g. netinst, live or single CD). The matching "deb cdrom"
> > 19   # entries were disabled at the end of the installation process.
> > 20  # For information about how to configure apt package sources,
> > 21  # see the sources.list(5) manual.
> 
> You may want to change all instances of 'buster' to 'stable' [...]

This isn't generally recommended: an upgrade may bring about bigger
changes that you don't want to "just happen" without being prepared.

But hey, it's possible :-)

Cheers
 - t


signature.asc
Description: Digital signature

Re: Debian stable - updates

[Greg Wooledge]

On Fri, Jun 25, 2021 at 08:44:51PM +0200, Francesco Florian wrote:
> You may want to change all instances of 'buster' to 'stable', so that you 
> don't have to bother changing it whenever new version of debian is released 
> as stable.


STRONG disagree!

You don't want that, because it means that at some point in the near
future, you'll get a shocking surprise as your system half-updates
itself, and probably pukes partway through.

A release upgrade should be planned and executed according to the release
notes, by hand.  Never by automated tools, and never at a time outside
of your direct control.

Re: Debian stable - updates

[Francesco Florian]

On Fr, 25 Jun 2021, Christian wrote:

> I looked up  the respective file on my system and it looks like this:
> 1     #
> 2
> 3     # deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
> xfce-CD Binary-1 20210327-10:42]/ buster main
> 4
> 5     #deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
> xfce-CD Binary-1 20210327-10:42]/ buster main
> 6
> 7     deb http://deb.debian.org/debian/ buster main
> 8     deb-src http://deb.debian.org/debian/ buster main
> 9
> 10   deb http://security.debian.org/debian-security buster/updates main
> 11   deb-src http://security.debian.org/debian-security buster/updates main
> 12
> 13   # buster-updates, previously known as 'volatile'
> 14   deb http://deb.debian.org/debian/ buster-updates main
> 15   deb-src http://deb.debian.org/debian/ buster-updates main
> 16
> 17   # This system was installed using small removable media
> 18   # (e.g. netinst, live or single CD). The matching "deb cdrom"
> 19   # entries were disabled at the end of the installation process.
> 20  # For information about how to configure apt package sources,
> 21  # see the sources.list(5) manual.

You may want to change all instances of 'buster' to 'stable', so that you don't 
have to bother changing it whenever new version of debian is released as stable.
This is, if you really want to track 'stable', i.e., automatically switch to 
the new stable release when it becomes such.
Just my 2c.
-- 
Francesco Florian


signature.asc
Description: PGP signature

Re: Debian stable - updates

[Christian]

Hi Greg,

thank you very much for your help. It's highly appreciated.

It's so good to have have some confirmation by such knowledgeable people 
like you.


So for now I think I won't have to change anything as I'm currently 
running Debian stable in a virtual machine.
Yet when setting it  up as a daily driver (as a main system) I'd 
consider applying the changes especially in view of microcode.


I'm really glad to have learnt something new (to me at least) again.

Thanks a lot for your help.

Many greetings and keep safe.
Rosika

Re: Debian stable - updates

[Greg Wooledge]

On Fri, Jun 25, 2021 at 06:11:17PM +0200, Christian wrote:
> I see. So in case I want it I'd have to add "contrib" and "non-free" in line
> 7 first.
> 
> Perhaps I'm a bit slow to understand, but what about lines 8, 11, 14 and 15
> then? All these also contain just "main". Would they have to be altered as
> well?

You probably want them all to be the same, yes.  It would be a highly
unusual case where you'd want contrib or non-free only in *one* of
your three repositories, or only in binary packages and not source
packages, or vice versa.

Re: Debian stable - updates

[Christian]

Hi Greg,

thank you so much for your very quick reply.

> It's not necessary at this time.

Good to know.

I see. So in case I want it I'd have to add "contrib" and "non-free" in 
line 7 first.


Perhaps I'm a bit slow to understand, but what about lines 8, 11, 14 and 
15 then? All these also contain just "main". Would they have to be 
altered as well?


Thanks a lot.
Rosika

Re: Debian stable - updates

[Greg Wooledge]

On Fri, Jun 25, 2021 at 05:55:18PM +0200, Christian wrote:
> On https://www.debian.org/security/#keeping-secure under "Keeping your
> Debian system secure" it says:
> 
> "You can use apt to easily get the latest security updates. This requires a
> line such as deb http://security.debian.org/debian-security buster/updates
> main contrib non-free
> in your /etc/apt/sources.list file. Then execute apt-get update && apt-get
> upgrade"
> 
> I looked up  the respective file on my system and it looks like this:
> [...]
> 7     deb http://deb.debian.org/debian/ buster main
> 8     deb-src http://deb.debian.org/debian/ buster main
> 9
> 10   deb http://security.debian.org/debian-security buster/updates main
> 11   deb-src http://security.debian.org/debian-security buster/updates main

> From the advice given at the debian page (see above) I gather I have to
> change the contents of line 10, right?

It's not necessary at this time.

> As there's just "main" in it right
> now I'd have to add "contrib" and "non-free" I think.

You only need to add contrib and non-free to the security line if you've
also added it to the primary repository line (line 7 in your file).

You're only using "main" right now, so you only need security updates
for main.

If at any time in the future you add contrib and/or non-free to your
primary repository (e.g. to install firmware or microcode), then you'll
want to add it to the security repository as well, so that you pick up
the security patches for those.

Re: Debian stable - updates

[Christian]

Hi again,

so sorry to bother you kind people once more. It turns out I've got an 
additional question regarding  updates.


On https://www.debian.org/security/#keeping-secure under "Keeping your 
Debian system secure" it says:


"You can use apt to easily get the latest security updates. This 
requires a line such as deb http://security.debian.org/debian-security 
buster/updates main contrib non-free
in your /etc/apt/sources.list file. Then execute apt-get update && 
apt-get upgrade"


I looked up  the respective file on my system and it looks like this:

1     #
2
3     # deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64 
xfce-CD Binary-1 20210327-10:42]/ buster main

4
5     #deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64 
xfce-CD Binary-1 20210327-10:42]/ buster main

6
7     deb http://deb.debian.org/debian/ buster main
8     deb-src http://deb.debian.org/debian/ buster main
9
10   deb http://security.debian.org/debian-security buster/updates main
11   deb-src http://security.debian.org/debian-security buster/updates main
12
13   # buster-updates, previously known as 'volatile'
14   deb http://deb.debian.org/debian/ buster-updates main
15   deb-src http://deb.debian.org/debian/ buster-updates main
16
17   # This system was installed using small removable media
18   # (e.g. netinst, live or single CD). The matching "deb cdrom"
19   # entries were disabled at the end of the installation process.
20  # For information about how to configure apt package sources,
21  # see the sources.list(5) manual.

From the advice given at the debian page (see above) I gather I have to 
change the contents of line 10, right? As there's just "main" in it 
right now I'd have to add "contrib" and "non-free" I think.

But what about line 11? Would I have to do the same there as well?

Thanks a lot in advance for your help.
Many greetings.
Rosika

Re: Debian stable - updates

[steve]

Le 25-06-2021, à 06:38:32 -0600, D. R. Evans a écrit :

For years I have run debian stable on my main desktop machine (the one 
I am using to type this e-mail). It has had fewer major issues than 
any other distribution I have tried.


Some even say that Debian is becoming annoying for that very reason…

Re: Debian stable - updates

[Christian]

Hi Didar,

thanks for your opinion as well.
Good to learn there are so many users satisfied with Debian stable.

Many greetings.
Rosika

Re: Debian stable - updates

[didar]

On Fri, Jun 25, 2021 at 06:38:32AM -0600, D. R. Evans wrote:
> Christian wrote on 6/25/21 6:19 AM:
> > 
> > 
> > Is Debian stable safe to use - I mean in the sense that it gets security
> > updates for the installed packages?
> > 
> 
> Yes, it does get security updates. It also gets non-security updates for
> some of the most popular packages.
> 
> For years I have run debian stable on my main desktop machine (the one I am
> using to type this e-mail). It has had fewer major issues than any other
> distribution I have tried.

I would like to second that.

I am currently on Debian Stable since 2019. I migrated away from Ubuntu which I
was using since 2006 and I am much happier.

Regards,
Didar

> 
>   Doc Evans
> 
> -- 
> Web:  http://enginehousebooks.com/drevans
> 

-- 
Two brothers, Mort and Bill, like to sail.  While Bill has a great
deal of experience, he certainly isn't the rigger Mort is.

Re: Debian stable - updates

[Christian]

Hi Tomas,

thank you so much for your reply.

> Thing is: "stable" means [...]  Only bug fixes and security patches 
go in.


Great! That is the most important aspect for me.
I really don't need the latest-and-greatest version of packages. All I 
do need is a stable and secure system.

So Debian stable turns out to be ideally suited for my purposes.

I've installed it in a VM for now (qemu, KVM) to see how it performs. I 
must say I'm very impressed. It runs smoothly even with just 1 GB RAM 
allocated to it.

I'm sure it'll make a fine system as a production system.

Thanks again and keep safe.

Many greetings.
Rosika

Re: Debian stable - updates

[Christian]

Hi Doc Evans,

thanks a lot for your reply.

That´s great news indeed.
The fact that Debian stable is rock solid is a great asset in itself. So 
together with security updates it will surely make for a fine production 
system especially for older

computers like my Lenovo H520e desktop.

Thank you for clarifying the matter for me.

Many greetings and keep safe.
Rosika

Re: Debian stable - updates

[tomas]

On Fri, Jun 25, 2021 at 02:19:34PM +0200, Christian wrote:
> Hi altogether,

[...]

> I quote:

> [...] There is a tradeoff, though. The software in Debian Stable is
> usually fairly outdated.
> In fact, it's usually outdated when the distribution first ships.
> Now, that's not much of a problem for servers, but it's awful for
> desktops. "

He is of course free to have this opinion :-)

Thing is: "stable" means that Debian stable doesn't (usually) change
the versions of installed software. Not without a strong reason. Only
bug fixes and security patches go in.

That means that you can usually update your operating system with closed
eyes, without fears that anything will stop working of a sudden.

Some people like that, even on their desktops ;-)

If you need the-latest-and-greatest of "this specific package" there
are usually ways around.

I, for example, have a very reduced set of packages I self-compile. I
know I've to deal with the fall-out, and I know how to. But I couldn't
possibly do that for the 2000+ packages installed in my system. I'm
infinitely thankful to the maintainers doing that job, and for them to
not make funny experiments.

Cheers
-- t


signature.asc
Description: Digital signature

Re: Debian stable - updates

[D. R. Evans]

Christian wrote on 6/25/21 6:19 AM:



Is Debian stable safe to use - I mean in the sense that it gets security
updates for the installed packages?



Yes, it does get security updates. It also gets non-security updates for some 
of the most popular packages.


For years I have run debian stable on my main desktop machine (the one I am 
using to type this e-mail). It has had fewer major issues than any other 
distribution I have tried.


  Doc Evans

--
Web:  http://enginehousebooks.com/drevans

Debian stable - updates

[Christian]

Hi altogether,

as I´m a newcomer to Debian and coming from Lubuntu I searched for 
information as far as the release model is concerned.


I learned that there are three different releases: stable, testing, and 
unstable.


I know I´m not supposed to post any links here but for the sake of 
reference I´ll still do it this time (sorry).
I´m referring to the article  "Debian vs Ubuntu" on 
https://linuxconfig.org/debian-vs-ubuntu .


I quote:

"Debian's stable release is insanely stable. There are few distributions 
in the same league when it comes to rock solid reliability.


[...] There is a tradeoff, though. The software in Debian Stable is 
usually fairly outdated.
In fact, it's usually outdated when the distribution first ships. Now, 
that's not much of a problem for servers, but it's awful for desktops. "


Despite reading through the entire article I couldn´t really understand 
why the author refers to Debian stable as being "awful" for desktops.


So I have a question in order to be clear about the matter.

Is Debian stable safe to use - I mean in the sense that it gets security 
updates for the installed packages?


I don´t really care about updates which would introduce new features of 
programmes. All I´m concerned about is getting security updates so that 
I can use Debian stable as my daily driver.


Thanks in advance for your help.

Many greetings
Rosika

Re: Debian Stable Updates Announcement SUA 197-1

[Andrew M.A. Cater]

On Tue, Mar 23, 2021 at 04:04:29PM -0700, David Christensen wrote:
> On 3/23/21 12:31 PM, Andrew M.A. Cater wrote:
> > On Tue, Mar 23, 2021 at 10:40:01AM -0700, David Christensen wrote:
> 
> > > I use Stretch for my daily driver laptop (Dell Latitude E6520) and UniFi
> > > Controller VPS.  ...
> > > I need to migrate the daily
> > > driver to Buster, but Buster does not like the Optimus graphics in the
> > > E6520.
> 
> > Have you tried installing the optimus under Buster
> 
> Looking in my notes, it looks like I tried installing
> nvidia-legacy-390xx-driver in January.  I do not see any URL for
> instructions.  The Debian wiki page for Optimus does not look familiar:
> 
>https://wiki.debian.org/NVIDIA%20Optimus
> 
> 
> In any case, my fumbling around only made things worse.  So, I wiped the SSD
> and did a fresh install KISS OOTB:
> 
> Insert debian-10.8.0-amd64-xfce-CD-1 USB flash drive.
> 
>   Debian GNU/Linux installer boot menu (BIOS mode)
>   Install
>   LanguageC
>   Continent or Region North America
>   Country, territory or area  United States
>   Keymap to use   American English
> 
> Pop-up dialog:
> 
>   Detect network hardware
> 
>   Some of your hardware needs non-free firmware files to operate.
>   The firwmare can be loaded from removable media, such as a USB
>   stick or floppy.
> 
>   The missing firmware files are: iwlwifi-6g2a-6.ucode
>   iwlwifi-6g2a-5.ucode
> 
>   If you have such media available now, insert it, and continue.
> 
>   Load missing fimrware from removable media?
> 
> Insert USB flash drive "usb64a" with "firmware" subdirectory
> containing Debian 10.8.0 firmware.  Choose "Yes".
> 
> Continue with install:
> 
>   Primary network interface   enp0s25
>   Hostnamedipsy
>   Domain name tracy.holgerdanske.com
>   Root password   ***
>   Full name for the new user  debian
>   Username for your account   debian
>   Choose a password for the new user  
>   Select your time zone   Pacific
>   Partitioning method manual
>   Encrypted volume (sda2_crypt) - 1.0 GB Linux device-mapper (crypt)
>#1 1.0 GB f  swap  swap
>   Encrypted volume (sda3_crypt) - 13.0 GB Linux device-mapper (crypt)
>#113.0 GB f  ext4  /
>   SCSI5 (0,0,0) (sda) - 60.0 GB ATA INTEL SSDSC2CW06
>#1  primary  999.3 MB  B  F  ext4  /boot
>#2  primary1.0 GB K  crypto   (sda2_crypt)
>#3  primary   13.0 GB K  crypto   (sda3_crypt)
>  45.0 GBFREESPACE
>   Finish partitioning and write changes to disk
>   Use a network mirrorYes
>   Mirror country  United States
>   Archive mirror  deb.debian.org
>   HTTP proxy  
>   Participate in the package usage survey No
>   Choose software to install
>   Debian desktop environment
>   Xfce
>   print server
>   SSH server
>   standard system utilities
>   Install the GRUB boot loader to th emaster boot record
>   Yes
>   Device for boot loader installation /dev/sda
> (ata-INTEL_SSDSC2SW060A3_***redacted***)
>   Installation complete   Continue
> 
>   Power down at POST.
> 
>   Remove installation media and firmware USB flash drive.
> 
> 
> The bug is back -- the desktop crashes within an hour when playing YouTube
> videos -- and the Dell Latitude E6520 laptop is on Craig's List.  So far,
> one scammer and two low-ballers.
> 
> 
> > - it's not as
> > straightforward as the standard install but there's a couple of steps
> > that will make it work. The main trick is to make sure that nvidia drivers
> > are never loaded until the point at which you've got everythng else
> > configured.
> 
> 
> If you have a URL with detailed instructions of how to install Buster on a
> laptop with Optimus, you have a laptop with Optimus, you followed the
> instructions, and the laptop can play YouTube videos for 24 hours without
> crashing, please post the URL.
> 
> 
> David
> 

OK - the trick is that for this to work out of the box, in my experience: 
you must NOT install any Nvidia drivers of any description or a desktop 
environment until after the prerequisites are in place - otherwise you end
up with instability. On the laptop I was using, the only way to get this
was to use bumblebee https://wiki.debian.org/Bumblebee. The 

Re: Debian Stable Updates Announcement SUA 197-1

[David Christensen]

On 3/23/21 12:31 PM, Andrew M.A. Cater wrote:

On Tue, Mar 23, 2021 at 10:40:01AM -0700, David Christensen wrote:



I use Stretch for my daily driver laptop (Dell Latitude E6520) and UniFi
Controller VPS.  ...
I need to migrate the daily
driver to Buster, but Buster does not like the Optimus graphics in the
E6520.


Have you tried installing the optimus under Buster 


Looking in my notes, it looks like I tried installing 
nvidia-legacy-390xx-driver in January.  I do not see any URL for 
instructions.  The Debian wiki page for Optimus does not look familiar:


   https://wiki.debian.org/NVIDIA%20Optimus


In any case, my fumbling around only made things worse.  So, I wiped the 
SSD and did a fresh install KISS OOTB:


Insert debian-10.8.0-amd64-xfce-CD-1 USB flash drive.

Debian GNU/Linux installer boot menu (BIOS mode)
Install
LanguageC
Continent or Region North America
Country, territory or area  United States
Keymap to use   American English

Pop-up dialog:

Detect network hardware

Some of your hardware needs non-free firmware files to operate.
The firwmare can be loaded from removable media, such as a USB
stick or floppy.

The missing firmware files are: iwlwifi-6g2a-6.ucode
iwlwifi-6g2a-5.ucode

If you have such media available now, insert it, and continue.

Load missing fimrware from removable media?

Insert USB flash drive "usb64a" with "firmware" subdirectory
containing Debian 10.8.0 firmware.  Choose "Yes".

Continue with install:

Primary network interface   enp0s25
Hostnamedipsy
Domain name tracy.holgerdanske.com
Root password   ***
Full name for the new user  debian
Username for your account   debian
Choose a password for the new user  
Select your time zone   Pacific
Partitioning method manual
Encrypted volume (sda2_crypt) - 1.0 GB Linux device-mapper (crypt)
 #1 1.0 GB f  swap  swap
Encrypted volume (sda3_crypt) - 13.0 GB Linux device-mapper (crypt)
 #113.0 GB f  ext4  /
SCSI5 (0,0,0) (sda) - 60.0 GB ATA INTEL SSDSC2CW06
 #1  primary  999.3 MB  B  F  ext4  /boot
 #2  primary1.0 GB K  crypto   (sda2_crypt)
 #3  primary   13.0 GB K  crypto   (sda3_crypt)
   45.0 GBFREESPACE
Finish partitioning and write changes to disk
Use a network mirrorYes
Mirror country  United States
Archive mirror  deb.debian.org
HTTP proxy  
Participate in the package usage survey No
Choose software to install
Debian desktop environment
Xfce
print server
SSH server
standard system utilities
Install the GRUB boot loader to th emaster boot record
Yes
	Device for boot loader installation	/dev/sda 
(ata-INTEL_SSDSC2SW060A3_***redacted***)

Installation complete   Continue

Power down at POST.

Remove installation media and firmware USB flash drive.


The bug is back -- the desktop crashes within an hour when playing 
YouTube videos -- and the Dell Latitude E6520 laptop is on Craig's List. 
 So far, one scammer and two low-ballers.




- it's not as
straightforward as the standard install but there's a couple of steps
that will make it work. The main trick is to make sure that nvidia drivers
are never loaded until the point at which you've got everythng else
configured.



If you have a URL with detailed instructions of how to install Buster on 
a laptop with Optimus, you have a laptop with Optimus, you followed the 
instructions, and the laptop can play YouTube videos for 24 hours 
without crashing, please post the URL.



David

Re: Debian Stable Updates Announcement SUA 197-1

[Andrew M.A. Cater]

On Tue, Mar 23, 2021 at 10:40:01AM -0700, David Christensen wrote:
> On 3/23/21 9:44 AM, David Wright wrote:
> > On Tue 23 Mar 2021 at 07:52:52 (-0400), The Wanderer wrote:
> > > On 2021-03-23 at 07:43, Greg Wooledge wrote:
> > > 
> > > > I think the request was really "Please tell us how to use this
> > > > buster-proposed-updates thing, which I've never heard of before."
> > 
> > Actually I thought David wanted to do what I did, which is *not* to add
> > buster-proposed-updates to his sources.list, but just to poke around.
> 
> I was curious about the opportunity to evaluate point upgrades prior to
> release.
> 
> 
> > With good reason: ISTR that David runs his farm of machines on stretch.
> 
> I use Stretch for my daily driver laptop (Dell Latitude E6520) and UniFi
> Controller VPS.  I also have a Stretch USB flash drive instance for
> maintenance.  I use FreeBSD for my servers.  I need to migrate the daily
> driver to Buster, but Buster does not like the Optimus graphics in the
> E6520.  So, the plan is to sell the E6520, get a newer laptop with Intel
> graphics alone, put Buster on that, and migrate.  Migrating the VPS will
> likely involve backing up the existing instance, creating or leasing a new
> UniFi Controller instance, restoring onto the new instance, and then
> switching DNS.  Creating a Buster USB flash drive instance should be easy.
> 
Have you tried installing the optimus under Buster - it's not as 
straightforward as the standard install but there's a couple of steps
that will make it work. The main trick is to make sure that nvidia drivers
are never loaded until the point at which you've got everythng else 
configured.


> 
> > I didn't think anyone would miss the pattern in sources.list's buster,
> > buster-updates, buster-proposed-updates.
> 
> I have seen "buster" and "buster-updates" (and prior equivalents), but never
> "buster-proposed-updates".
> 
> 
> > However, I was unprepared for David's response today, of going back
> > to square one.
> 
> A fresh install of the current Stable point release would be the canonical
> starting point for testing proposed Stable point release updates.  This is
> an ideal use-case for virtualization.
> 
> 
> David
> 

Re: Debian Stable Updates Announcement SUA 197-1

[David Christensen]

On 3/23/21 9:44 AM, David Wright wrote:

On Tue 23 Mar 2021 at 07:52:52 (-0400), The Wanderer wrote:

On 2021-03-23 at 07:43, Greg Wooledge wrote:


I think the request was really "Please tell us how to use this
buster-proposed-updates thing, which I've never heard of before."


Actually I thought David wanted to do what I did, which is *not* to add
buster-proposed-updates to his sources.list, but just to poke around.


I was curious about the opportunity to evaluate point upgrades prior to 
release.



With good reason: 
ISTR that David runs his farm of machines on stretch.


I use Stretch for my daily driver laptop (Dell Latitude E6520) and UniFi 
Controller VPS.  I also have a Stretch USB flash drive instance for 
maintenance.  I use FreeBSD for my servers.  I need to migrate the daily 
driver to Buster, but Buster does not like the Optimus graphics in the 
E6520.  So, the plan is to sell the E6520, get a newer laptop with Intel 
graphics alone, put Buster on that, and migrate.  Migrating the VPS will 
likely involve backing up the existing instance, creating or leasing a 
new UniFi Controller instance, restoring onto the new instance, and then 
switching DNS.  Creating a Buster USB flash drive instance should be easy.




I didn't think anyone would miss the pattern in sources.list's buster,
buster-updates, buster-proposed-updates.


I have seen "buster" and "buster-updates" (and prior equivalents), but 
never "buster-proposed-updates".




However, I was unprepared for David's response today, of going back
to square one.


A fresh install of the current Stable point release would be the 
canonical starting point for testing proposed Stable point release 
updates.  This is an ideal use-case for virtualization.



David

Re: Debian Stable Updates Announcement SUA 197-1

[David Wright]

On Tue 23 Mar 2021 at 09:31:52 (-0700), David Christensen wrote:
> On 3/22/21 8:34 PM, David Wright wrote:
> > On Mon 22 Mar 2021 at 17:26:14 (-0700), David Christensen wrote:
> > > On 3/22/21 5:03 PM, Keith Wyatt wrote:
> > > 
> > > > As o[f]
> > > > now it will include the following bug fixes. They can be found in 
> > > > "buster-
> > > > proposed-updates", which is carried by all official mirrors.
> > > 
> > > Please provide a URL.
> > 
> > Do you mean for the .deb files themselves. AIUI they're in the
> > pool with all the rest. As for the changes files, they're in
> > 
> > http://XX/debian/dists/buster-proposed-updates/
> > 
> > where XX is whatever you put in /etc/apt/sources.list
> > as your local mirror.
> 
> Thank you for the response.
> 
> Browsing:
> 
> http://ftp.us.debian.org/debian/dists/buster-proposed-updates/
> 
> Yes, I do see many *.changes files (one for each package and
> architecture combination).
> 
> But, that does not tell me how to *use* the information presented --
> e.g. that proposed Debian Stable updates are available (for testing).

I would say "for trying out"; "testing" is rather ambiguous in this context.

> Assuming that I start with a fresh install of:
> 
> debian-10.8.0-amd64-xfce-CD-1.iso
> 
> How do I download and/or install the proposed updates?
> 
> That is the URL I need.

It's not a URL, but just another line in sources.list.

But I myself prefer to just download .debs automatically with the
usual three lines:

deb http://deb.debian.org/debian/ buster main non-free contrib
deb http://security.debian.org/debian-security buster/updates main contrib 
non-free
deb http://deb.debian.org/debian/ buster-updates main contrib non-free

… and a cron job, then peruse and install them; and I treat
point releases in just the same way.

Cheers,
David.

Re: Debian Stable Updates Announcement SUA 197-1

[David Wright]

On Tue 23 Mar 2021 at 07:52:52 (-0400), The Wanderer wrote:
> On 2021-03-23 at 07:43, Greg Wooledge wrote:
> 
> > I think the request was really "Please tell us how to use this
> > buster-proposed-updates thing, which I've never heard of before."

Actually I thought David wanted to do what I did, which is *not* to add
buster-proposed-updates to his sources.list, but just to poke around.
With good reason: ISTR that David runs his farm of machines on stretch.

I didn't think anyone would miss the pattern in sources.list's buster,
buster-updates, buster-proposed-updates.

However, I was unprepared for David's response today, of going back
to square one.

> > Here's a wiki page: 
> > However, I would not follow its advice literally.  You *never* want
> > to put the word "stable" in your sources.list.  You want to put the
> > actual name of a release instead.
> 
> That depends on what your update patterns are. It's probably generally
> good advice, but it's certainly not universal.

Agreed, it's not universal practice, but it might be worth having
as a default for advice.

> For myself, I have stable and testing in my sources.liist, and usually
> update at least weekly if not daily. This is effectively updating
> against testing, but keeps packages in stable which have been removed
> from testing available to be installed if I want them.
> 
> When testing is released as stable and a new testing becomes available,
> I lose access to the packages which were previously in stable (now
> oldstable), which are old enough that it's probably not reasonable to
> want to install them without specifically knowing that that's what
> you're doing; I retain access to the packages previously in testing
> (because they're now in stable, which is already in my sources.list); I
> gain access to the new testing, to continue the pattern; and I do it all
> without having to update sources.list for the purpose.
> 
> I don't see how that's unsafe or unreasonable; certainly I've been doing
> it for years, I believe for over a decade, without encountering issues
> which I think could even potentially be traced to it.
> 
> > So, wherever the wiki says to use stable-proposed-updates, please
> > use buster-proposed-updates instead.
> 
> This is generally reasonable, however. My update pattern is unlikely to
> be typical, and might be considered a special use-case.

To be fair, once you've added testing, then you're in the category of
a rolling-update Debian distribution, which is not the same as the
target of that webpage, a rolling-update Debian Stable distribution.

The problem that putting "stable" into sources.list causes is, of
course, the shock of Release Day to people who might be quite
unprepared for it. It's difficult to envisage that you're unprepared
for the effect of that day on testing.

Cheers,
David.

Re: Debian Stable Updates Announcement SUA 197-1

[David Christensen]

On 3/23/21 4:43 AM, Greg Wooledge wrote:

On Mon, Mar 22, 2021 at 10:34:12PM -0500, David Wright wrote:

On Mon 22 Mar 2021 at 17:26:14 (-0700), David Christensen wrote:

On 3/22/21 5:03 PM, Keith Wyatt wrote:


As o[f]
now it will include the following bug fixes. They can be found in "buster-
proposed-updates", which is carried by all official mirrors.


Please provide a URL.


Do you mean for the .deb files themselves. AIUI they're in the
pool with all the rest. As for the changes files, they're in

http://XX/debian/dists/buster-proposed-updates/

where XX is whatever you put in /etc/apt/sources.list
as your local mirror.


I think the request was really "Please tell us how to use this
buster-proposed-updates thing, which I've never heard of before."

Here's a wiki page: 
However, I would not follow its advice literally.  You *never* want
to put the word "stable" in your sources.list.  You want to put the
actual name of a release instead.

So, wherever the wiki says to use stable-proposed-updates, please use
buster-proposed-updates instead.



Thank you for understanding practicality.  :-)


David

Re: Debian Stable Updates Announcement SUA 197-1

[David Christensen]

On 3/22/21 8:34 PM, David Wright wrote:

On Mon 22 Mar 2021 at 17:26:14 (-0700), David Christensen wrote:

On 3/22/21 5:03 PM, Keith Wyatt wrote:


As o[f]
now it will include the following bug fixes. They can be found in "buster-
proposed-updates", which is carried by all official mirrors.


Please provide a URL.


Do you mean for the .deb files themselves. AIUI they're in the
pool with all the rest. As for the changes files, they're in

http://XX/debian/dists/buster-proposed-updates/

where XX is whatever you put in /etc/apt/sources.list
as your local mirror.



Thank you for the response.


Browsing:

http://ftp.us.debian.org/debian/dists/buster-proposed-updates/


Yes, I do see many *.changes files (one for each package and 
architecture combination).



But, that does not tell me how to *use* the information presented -- 
e.g. that proposed Debian Stable updates are available (for testing).



Assuming that I start with a fresh install of:

debian-10.8.0-amd64-xfce-CD-1.iso


How do I download and/or install the proposed updates?


That is the URL I need.


David

Re: Debian Stable Updates Announcement SUA 197-1

[Andrei POPESCU]

On Ma, 23 mar 21, 07:52:52, The Wanderer wrote:
> On 2021-03-23 at 07:43, Greg Wooledge wrote:
> 
> > I think the request was really "Please tell us how to use this
> > buster-proposed-updates thing, which I've never heard of before."
> > 
> > Here's a wiki page: 
> > However, I would not follow its advice literally.  You *never* want
> > to put the word "stable" in your sources.list.  You want to put the
> > actual name of a release instead.
> 
> That depends on what your update patterns are. It's probably generally
> good advice, but it's certainly not universal.

Agreed. I seem to remember some postings from users that had 'stable' on 
purpose in their sources.list.
 
> > So, wherever the wiki says to use stable-proposed-updates, please
> > use buster-proposed-updates instead.
> 
> This is generally reasonable, however. My update pattern is unlikely to
> be typical, and might be considered a special use-case.

Also, those who do have 'stable' in their APT package sources will know 
to use 'stable' for -updates and -proposed-updates as well, so the wiki 
should probably be changed.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Debian Stable Updates Announcement SUA 197-1

[The Wanderer]

On 2021-03-23 at 07:43, Greg Wooledge wrote:

> I think the request was really "Please tell us how to use this
> buster-proposed-updates thing, which I've never heard of before."
> 
> Here's a wiki page: 
> However, I would not follow its advice literally.  You *never* want
> to put the word "stable" in your sources.list.  You want to put the
> actual name of a release instead.

That depends on what your update patterns are. It's probably generally
good advice, but it's certainly not universal.

For myself, I have stable and testing in my sources.liist, and usually
update at least weekly if not daily. This is effectively updating
against testing, but keeps packages in stable which have been removed
from testing available to be installed if I want them.

When testing is released as stable and a new testing becomes available,
I lose access to the packages which were previously in stable (now
oldstable), which are old enough that it's probably not reasonable to
want to install them without specifically knowing that that's what
you're doing; I retain access to the packages previously in testing
(because they're now in stable, which is already in my sources.list); I
gain access to the new testing, to continue the pattern; and I do it all
without having to update sources.list for the purpose.

I don't see how that's unsafe or unreasonable; certainly I've been doing
it for years, I believe for over a decade, without encountering issues
which I think could even potentially be traced to it.

> So, wherever the wiki says to use stable-proposed-updates, please
> use buster-proposed-updates instead.

This is generally reasonable, however. My update pattern is unlikely to
be typical, and might be considered a special use-case.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Debian Stable Updates Announcement SUA 197-1

[Greg Wooledge]

On Mon, Mar 22, 2021 at 10:34:12PM -0500, David Wright wrote:
> On Mon 22 Mar 2021 at 17:26:14 (-0700), David Christensen wrote:
> > On 3/22/21 5:03 PM, Keith Wyatt wrote:
> > 
> > > As o[f]
> > > now it will include the following bug fixes. They can be found in "buster-
> > > proposed-updates", which is carried by all official mirrors.
> > 
> > Please provide a URL.
> 
> Do you mean for the .deb files themselves. AIUI they're in the
> pool with all the rest. As for the changes files, they're in
> 
> http://XX/debian/dists/buster-proposed-updates/
> 
> where XX is whatever you put in /etc/apt/sources.list
> as your local mirror.

I think the request was really "Please tell us how to use this
buster-proposed-updates thing, which I've never heard of before."

Here's a wiki page: 
However, I would not follow its advice literally.  You *never* want
to put the word "stable" in your sources.list.  You want to put the
actual name of a release instead.

So, wherever the wiki says to use stable-proposed-updates, please use
buster-proposed-updates instead.

Re: Debian Stable Updates Announcement SUA 197-1

[David Wright]

On Mon 22 Mar 2021 at 17:26:14 (-0700), David Christensen wrote:
> On 3/22/21 5:03 PM, Keith Wyatt wrote:
> 
> > As o[f]
> > now it will include the following bug fixes. They can be found in "buster-
> > proposed-updates", which is carried by all official mirrors.
> 
> Please provide a URL.

Do you mean for the .deb files themselves. AIUI they're in the
pool with all the rest. As for the changes files, they're in

http://XX/debian/dists/buster-proposed-updates/

where XX is whatever you put in /etc/apt/sources.list
as your local mirror.

Cheers,
David.

Re: Debian Stable Updates Announcement SUA 197-1

[David Christensen]

On 3/22/21 5:03 PM, Keith Wyatt wrote:


As o
now it will include the following bug fixes. They can be found in "buster-
proposed-updates", which is carried by all official mirrors.



Please provide a URL.


David

Debian Stable Updates Announcement SUA 197-1

[Keith Wyatt]

Debian Stable Updates Announcement SUA 197-1 https://www.debian.org/
debian-rele...@lists.debian.org  Adam D. Barratt
March 22nd, 2021


Upcoming Debian 10 Update (10.9)

An update to Debian 10 is scheduled for Saturday, March 27th, 2021. As o
now it will include the following bug fixes. They can be found in "buster-
proposed-updates", which is carried by all official mirrors.

Please note that packages published through security.debian.org are not
listed, but will be included if possible. Some of the updates below are also
already available through "buster-updates".

Testing and feedback would be appreciated. Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of them
by copying "debian-rele...@lists.debian.org" on your mails.

The point release will also include a rebuild of debian-installer.


Miscellaneous Bugfixes
--

This stable update adds a few important corrections to the following
packages:

  PackageReason
  -----

  avahi  Remove avahi-daemon-check-dns mechanism, no
 longer needed

  base-files Update /etc/debian_version for the 10.9 point
 release

  cloud-init Avoid logging generated passwords to world-
 readable log files [CVE-2021-3429]

  debian-archive-keyring Add bullseye keys; retire jessie keys

  debian-installer   Use 4.19.0-16 Linux kernel ABI

  exim4  Fix use of concurrent TLS connections under
 GnuTLS; fix TLS certificate verification with
 CNAMEs; README.Debian: document the
 limitation/extent of server certificate
 verification in the default configuration

  fetchmail  No longer report "System error during
 SSL_connect(): Success"; remove OpenSSL version
 check

  fwupd  Add SBAT support

  fwupdate   Add SBAT support

  gdnsd  Fix stack overflow with overly-large IPv6
 addresses [CVE-2019-13952]

  groff  Rebuild against ghostscript 9.27

  hwloc-contrib  Enable support for ppc64el

  intel-microcodeUpdate various microcode

  iputilsFix ping rounding errors; fix tracepath target
 corruption

  jquery Fix untrusted code execution vulnerabilities
 [CVE-2020-11022 CVE-2020-11023]

  libbsd Fix out-of-bounds read issue [CVE-2019-20367]

  libpano13  Fix format string vulnerability

  libreofficeDo not load encodings.py from current directoy

  linux  New upstream stable release; bump ABI to -16;
 rotate secure boot signing keys

  linux-latest   Update to -16 kernel ABI

  lirc   Normalize embedded ${DEB_HOST_MULTIARCH} value
 in /etc/lirc/lirc_options.conf to find
 unmodified configuration files on all
 architectures; recommend gir1.2-vte-2.91
 instead of non-existant gir1.2-vte

  m2crypto   Fix test failure with recent OpenSSL

  openafsFix outgoing connections after unix epoch time
 0x6000 (14 January 2021)

  portaudio19Handle EPIPE from
 alsa_snd_pcm_poll_descriptors, fixing crash

  postgresql-11  New upstream stable release; fix information
 leakage in constraint-violation error messages
 [CVE-2021-3393]; fix CREATE INDEX CONCURRENTLY
 to wait for concurrent prepared transactions

  privoxySecurity issues [CVE-2020-35502 CVE-2021-20209
 CVE-2021-20210 CVE-2021-20211 CVE-2021-20212
 CVE-2021-20213 CVE-2021-20214 CVE-2021-20215
 CVE-2021-20216 CVE-2021-20217 CVE-2021-20272
 CVE-2021-20273 CVE-2021-20275 CVE-2021-20276]

  python3.7  Fix CRLF injection in http.client
 [CVE-2020-26116]; fix buffer overflow in
 PyCArg_repr in _ctypes/callproc.c
 [CVE-2021-3177]

  redis