Re: Disabling automatic upgrades on Sid by default?
On Sun, Dec 27, 2020 at 10:58 PM Lyndon Brown wrote:
> The problem with using testing as a rolling distro
Your mail reminded me about Constantly Usable Testing:
https://cut.debian.net/
> Using testing and manually pulling in select upgrades from unstable in
> such situations addresses that issue in theory, but places a huge
> burden on users to determine each day what unstable updates might
> include a security update. I'm not sure there's a reliable enough
> automated means of accomplishing this.
The security team are already manually maintaining info about which
versions of packages in unstable/testing fix security issues known
about in the security tracker, based on package changelogs and other
sources of information. For the most part, automatically pulling in
those versions using debsecan output as input to apt pinning (#725934)
and unattended-upgrades for the actual upgrades works just fine,
except when transitions in unstable are taking longer than normal to
be resolved. I have been doing this for several years now and the
issues with u-u and pinning seem to be resolved now, so it is fairly
reliable. There are still situations u-u can't resolve that mean you
have to do occasional manual upgrades though.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: