Re: Security updates for hold package
- Original Message - From: Andrei POPESCU Sent: 05/17/14 05:06 PM To: debian-user@lists.debian.org Subject: Re: Security updates for hold package You haven't yet stated why you need the backports kernel, but if you want to keep using it install the backports meta-package. I HAD to install kernel backport as I had been having issues with shutdown on Debian Wheezy 3.2.0.4-amd64 and Gnome3. Google results revealed there are similar problems when one is using Intel Haswell CPUs with Debian Wheezy stable. After upgrading to a kernel backport, I am able to do a proper shutdown. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140518151849.77...@gmx.com
Re: Security updates for hold package
On Jo, 15 mai 14, 19:35:40, Theodore Alcapotaxis wrote: - Original Message - From: Andrei POPESCU Sent: 05/15/14 04:50 AM To: debian-user@lists.debian.org Subject: Re: Security updates for hold package Assumptions: 1. You did not change the default priority for backports How does one change default priority for backports? What will happen if I change the default priority? Depends on how you change it, but the default works just fine, you don't need to adjust it. If you want to read more about it see man apt_preferences 2. You installed the linux-image-version-flavor package from backports and *not* the corresponding meta-package linux-image-flavour. Yes, I installed the linux-image-version-flavor package from backports. What is a meta-package? A meta-package is a package that exists only to depend on other packages. In the case of linux-image-flavour it will depend on the current kernel from the *same* release. Other meta-packages are used to install entire collections of software, or ensure automatic transitions when package names change (also called transition or dummy packages). Is it necessary to install it? Depends on what you want to achieve. If you somehow need (e.g. for hardware support) a newer kernel than available in stable I would advise you install linux-image-flavour from backports: apt-get install -t wheezy-backports linux-image-amd64 (you didn't mention which flavour you are using so I guessed amd64) This will make sure you're always upgraded to the current kernel in backports. Do make sure to keep the previous backports kernel around, in case you have troubles with the newer kernel. However, if you don't really need a newer kernel you might as well stay with stable. Just because you can doesn't mean you have to install a newer one. If your linux-image-flavour is from backports such changes will not be picked up automatically. What should I do to ensure that backported linux-image-flavor pick up such changes? This is out of your hands. As a user you can only choose between installing linux-image-flavour from stable, which will always depend on the latest stable kernel, or the version from backports, which will always depend on the latest backports kernel. You haven't yet stated why you need the backports kernel, but if you want to keep using it install the backports meta-package. The stable kernel will still be upgraded until an ABI bump happens (which may as well never happen for the lifetime of wheezy). It is a good idea to subscribe to the debian-security-announce mailing list, such changes will be announced there (along with all other security updates). Also, if you only keep it around as a double insurance it doesn't matter so much if it's not up-to-date, as long as it boots correctly. Just remember to update it if you use it for more than just a recovery boot. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Security updates for hold package
- Original Message - From: Andrei POPESCU Sent: 05/15/14 04:50 AM To: debian-user@lists.debian.org Subject: Re: Security updates for hold package Assumptions: 1. You did not change the default priority for backports How does one change default priority for backports? What will happen if I change the default priority? 2. You installed the linux-image-version-flavor package from backports and *not* the corresponding meta-package linux-image-flavour. Yes, I installed the linux-image-version-flavor package from backports. What is a meta-package? Is it necessary to install it? If your linux-image-flavour is from backports such changes will not be picked up automatically. What should I do to ensure that backported linux-image-flavor pick up such changes? Hope this helps, Your detailed explanation helped me a lot in understanding how Debian works. Thanks for your effort and time :) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140515233540.323...@gmx.com
Security updates for hold package
Hi, can anybody explain to me what exactly happens if I place a package on hold? I have an application which unfortunately requires an older php version. If I now mark the package hold does this mean no major upgrade will be performed for this package or do I prevent security updates as well, with that action? Cheers Frank -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/537330ae.7040...@dead-link.org
Re: Security updates for hold package
On Mi, 14 mai 14, 11:00:30, Frank wrote: Hi, can anybody explain to me what exactly happens if I place a package on hold? I have an application which unfortunately requires an older php version. If I now mark the package hold does this mean no major upgrade will be performed for this package or do I prevent security updates as well, with that action? APT does not differentiate between major or security or whatever upgrade, just about version numbers. However, if you're on stable (or oldstable) there will be no major upgrades (whether you want them or not) unless you point your sources to the next release. If you want more specific information please provide the output of apt-cache policy package Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Security updates for hold package
On Wed, 14 May 2014 11:00:30 +0200 Frank fr...@dead-link.org wrote: Hi, can anybody explain to me what exactly happens if I place a package on hold? I have an application which unfortunately requires an older php version. If I now mark the package hold does this mean no major upgrade will be performed for this package or do I prevent security updates as well, with that action? Cheers Frank No upgrades (changes) will be performed, but you can pin package to e.g. version 1.0*. But if your package in repo gets upgraded to 1.1 then all security upgrades will be based on 1.1 and again you loose security upgrades. It can make sense only if both versions are parallely supported but it's usualy not so in same repo, but if you enable e.g. deb-multimedia, and deb-multimedia has newer version, but you want version from standard repo, then you can pin to version from standard repo with wilecard to ensure security upgrades from standard repo and block major upgrades (other repo). Kind regards -- http://markorandjelovic.hopto.org One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them. Ivo Andric, Signs near the travel-road -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140514113834.02c97...@eunet.rs
Re: Security updates for hold package
On 05/14/2014 11:35 AM, Andrei POPESCU wrote: APT does not differentiate between major or security or whatever upgrade, just about version numbers. However, if you're on stable (or oldstable) there will be no major upgrades (whether you want them or not) unless you point your sources to the next release. If you want more specific information please provide the output of apt-cache policy package Ok, let me reformulate the question. How can I achieve the following, Upgrade my system from Squeeze to Wheezy, keep the installed php packages as they are but don't prevent the system from installing security updates as long they are available for squeeze? Cheers Frank -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/537339f4.6080...@dead-link.org
Re: Security updates for hold package
On Wed, 14 May 2014 11:40:04 +0200 Frank fr...@dead-link.org wrote: On 05/14/2014 11:35 AM, Andrei POPESCU wrote: APT does not differentiate between major or security or whatever upgrade, just about version numbers. However, if you're on stable (or oldstable) there will be no major upgrades (whether you want them or not) unless you point your sources to the next release. If you want more specific information please provide the output of apt-cache policy package Ok, let me reformulate the question. How can I achieve the following, Upgrade my system from Squeeze to Wheezy, keep the installed php packages as they are but don't prevent the system from installing security updates as long they are available for squeeze? Cheers Frank Pin php packages to a=oldstable, 500 Pin-Priority 990. But to receive security support for squeeze past this month, you have to include squeeze-lts repo. Kind regards -- http://markorandjelovic.hopto.org One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them. Ivo Andric, Signs near the travel-road -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140514115317.770c1...@eunet.rs
Re: Security updates for hold package
On 05/14/2014 11:53 AM, Marko Randjelovic wrote: Pin php packages to a=oldstable, 500 Pin-Priority 990. But to receive security support for squeeze past this month, you have to include squeeze-lts repo. Excellent, thanks! Cheers Frank -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5373488f.4070...@dead-link.org
Re: Security updates for hold package
On 2014-05-14, Marko Randjelovic marko...@eunet.rs wrote: Pin php packages to a=oldstable, 500 Pin-Priority 990. But to receive security support for squeeze past this month, you have to include squeeze-lts repo. There is a specific squeeze-lts repository? If so, what should be put in /etc/apt/sources.list to benefit from the long term support? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnln6uk6.2if.cu...@einstein.electron.org
Re: Security updates for hold package
On Wed, 14 May 2014 14:16:37 + (UTC) Curt cu...@free.fr wrote: On 2014-05-14, Marko Randjelovic marko...@eunet.rs wrote: Pin php packages to a=oldstable, 500 Pin-Priority 990. But to receive security support for squeeze past this month, you have to include squeeze-lts repo. There is a specific squeeze-lts repository? If so, what should be put in /etc/apt/sources.list to benefit from the long term support? https://wiki.debian.org/LTS/Development -- http://markorandjelovic.hopto.org One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them. Ivo Andric, Signs near the travel-road -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140514162626.35671...@eunet.rs
Re: Security updates for hold package
On 2014-05-14, Marko Randjelovic marko...@eunet.rs wrote: There is a specific squeeze-lts repository? If so, what should be put in /etc/apt/sources.list to benefit from the long term support? https://wiki.debian.org/LTS/Development Thank you; I did search* but, contrary to the biblical claim, did not find. *maybe not hard enough -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnln6vuo.2if.cu...@einstein.electron.org
Re: Security updates for hold package
What happens if I am using Debian current stable but my linux-image is 3.12 (wheezy-backports)? - Original Message - From: Andrei POPESCU Sent: 05/14/14 05:35 PM To: debian-user@lists.debian.org Subject: Re: Security updates for hold package However, if you're on stable (or oldstable) there will be no major upgrades (whether you want them or not) unless you point your sources to the next release. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140514195909.278...@gmx.com
Re: Security updates for hold package
On Mi, 14 mai 14, 15:59:08, Theodore Alcapotaxis wrote: I wrote: However, if you're on stable (or oldstable) there will be no major upgrades (whether you want them or not) unless you point your sources to the next release. What happens if I am using Debian current stable but my linux-image is 3.12 (wheezy-backports)? Assumptions: 1. You did not change the default priority for backports 2. You installed the linux-image-version-flavor package from backports and *not* the corresponding meta-package linux-image-flavour. As far as I understand from lurking on -backports the backported kernels track testing. If the package in testing receives a security upgrade most probably the package in backports will too. If assumption 1. is correct you will receive such security upgrades. However, if the package in testing is replaced by a newer one the same will happen in backports. If assumption 2. is correct you will be stuck with the same kernel package (no upgrades of any kind) while backports moves on to newer versions. Since linux-image-flavor packages in backports are already depending on 3.13 images I assume 3.12 packages will be removed soon. I would recommend you install linux-image-flavor from backports and let it keep you kernel to the latest version available in backports. Kernel upgrades are usually quite safe to do, assuming you always keep around at least one known working kernel as backup. In case of kernels from backports you probably could/should keep two: the latest stable kernel and the previous backports kernel. To play it extra safe watch for security upgrades to the stable kernel and test that it still boots for you (see the recent thread where a security upgrade made a system unbootable). Also, it may happen that the kernel in stable gets an ABI change (e.g. it changes from linux-image-3.2.0-4-amd64 to linux-image-3.2.0-5-amd64). These are rare, but did happen in the past. If your linux-image-flavour is from backports such changes will not be picked up automatically. Hope this helps, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature