Securing-howto: update section about security upgrades


Attached patch updates the section of the securing-howto about how to apply 
security updates. Specifically, it updates it to how d-i treats security 
updates currently, advises to use the release codename instead of 'stable', 
and removes references to non-US which is long gone. Please consider it.

Also, I see that the section on preparing security updates for DD's contains a 
note that it will "soon be removed". Please see this as a request from the 
security team to actually remove that section, since there's a perfectly fine 
version in the devref, where it should be, and this version is incorrect on a 
few points so only serves to confuse people. I see no reason to keep it 

Index: after-install.sgml
--- after-install.sgml	(revision 7938)
+++ after-install.sgml	(working copy)
@@ -49,32 +49,19 @@
 there might have been minor releases (there have been four for the Debian
 3.0 <em>sarge</em> release) which include these package updates. 
-<p>You need to note down the date the removable media (if you are
-using it) was made and check the security site in order to see if
-there are security updates. If there are and you cannot download the
-packages from the security site on another system (you are not
-connected to the Internet yet? are you?) before connecting to the
-network you could consider (if not protected by a firewall for
-example) adding firewall rules so that your system could only connect
-to security.debian.org and then run the update. A sample configuration
-is shown in <ref id="fw-security-update">.
+<p>During installation security updates are configured
+for your system and pending updates downloaded and applied, unless you
+specifically opt out of this or the system was not connected to the
+Internet. The updates are applied even before the
+first boot, so the new system starts its life as up to date as possible.
-<p><em>Note:</em> Since Debian woody 3.0, after installation you are given the
-opportunity to add security updates to the system. If you say 'yes' to this,
-the installation system will take the appropriate steps to add the
-source for security updates to your package sources and your system, if
-you have an Internet connection, will download and install any security
-updates that might have been produced after your media was created.
-If you are upgrading a previous version of Debian, or you asked 
-the installation system not to do this, you should take the steps 
-described here.
 <p>To manually update the system, put the following line in your
 <file>sources.list</file> and you will get security updates
-automatically, whenever you update your system.
+automatically, whenever you update your system. Replace
+<em>codename</em> with the release codename, e.g. <em>squeeze</em>.
-  deb http://security.debian.org/ stable/updates main contrib non-free
+  deb http://security.debian.org/ <em>codename</em>/updates main contrib non-free
 <p><em>Note</em>: If you are using the <em>testing</em> branch use the security
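Review bot: The replacement paragraph at the top of this hunk only covers fresh installs that were online and did not opt out, while the deleted note's last sentence ("If you are upgrading a previous version of Debian, or you asked the installation system not to do this, you should take the steps described here") was the text telling everyone else that the manual sources.list step applies to them. Suggest keeping one sentence to that effect in front of "To manually update the system", naming the opt-out and offline-install cases explicitly. The hunk also deletes the pointer to <ref id="fw-security-update">, which was the advice for a machine that reaches the network before it is patched; the new text itself acknowledges the "not connected to the Internet" case, so a shortened form of that reference is worth keeping. Separately, the context line "3.0 <em>sarge</em>" disagrees with the removed "Debian woody 3.0" and could be corrected in the same pass.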
@@ -113,14 +100,7 @@
 <file>/etc/apt/sources.list</file> as well. See 
 <manref name="apt" section="8"> for further details.
-<p>Note: You do <em>not</em> need to add the following line:
-  deb http://security.debian.org/debian-non-US stable/non-US main contrib non-free
-<p>this is because security.debian.org is hosted in a non-US location and 
-doesn't have a separate non-US archive.
 <sect1 id="lib-security-update">Security update of libraries
 <p>Once you have executed a security update you might need to restart some
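Review bot: Dropping the "You do not need to add the following line" note leaves nothing for readers whose existing sources.list already carries a debian-non-US entry, which is the likely case on the upgraded systems this section is also aimed at. Suggest replacing the removed paragraph with a single sentence saying that any such line should be deleted, rather than removing the topic entirely. The cover message says the patch removes references to non-US, but only this one occurrence is visible here, so the rest of after-install.sgml should be checked for other mentions.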
