Hi,

Attached patch updates the section of the securing-howto about how to apply security updates. Specifically, it updates it to how d-i treats security updates currently, advises to use the release codename instead of 'stable', and removes references to non-US which is long gone. Please consider it.

Also, I see that the section on preparing security updates for DD's contains a note that it will "soon be removed". Please see this as a request from the security team to actually remove that section, since there's a perfectly fine version in the devref, where it should be, and this version is incorrect on a few points so only serves to confuse people. I see no reason to keep it around.

Thanks,
Thijs
Index: after-install.sgml =================================================================== --- after-install.sgml (revision 7938) +++ after-install.sgml (working copy) 
@@ -49,32 +49,19 @@ there might have been minor releases (there have been four for the Debian 3.0 <em>sarge</em> release) which include these package updates. -<p>You need to note down the date the removable media (if you are -using it) was made and check the security site in order to see if -there are security updates. If there are and you cannot download the -packages from the security site on another system (you are not -connected to the Internet yet? are you?) before connecting to the -network you could consider (if not protected by a firewall for -example) adding firewall rules so that your system could only connect -to security.debian.org and then run the update. A sample configuration -is shown in <ref id="fw-security-update">. +<p>During installation security updates are configured +for your system and pending updates downloaded and applied, unless you +specifically opt out of this or the system was not connected to the +Internet. The updates are applied even before the +first boot, so the new system starts its life as up to date as possible. -<p><em>Note:</em> Since Debian woody 3.0, after installation you are given the -opportunity to add security updates to the system. If you say 'yes' to this, -the installation system will take the appropriate steps to add the -source for security updates to your package sources and your system, if -you have an Internet connection, will download and install any security -updates that might have been produced after your media was created. -If you are upgrading a previous version of Debian, or you asked -the installation system not to do this, you should take the steps -described here. - <p>To manually update the system, put the following line in your <file>sources.list</file> and you will get security updates -automatically, whenever you update your system. +automatically, whenever you update your system. Replace +<em>codename</em> with the release codename, e.g. <em>squeeze</em>. 
<example> - deb http://security.debian.org/ stable/updates main contrib non-free + deb http://security.debian.org/ <em>codename</em>/updates main contrib non-free </example> <p><em>Note</em>: If you are using the <em>testing</em> branch use the security @@ -113,14 +100,7 @@ <file>/etc/apt/sources.list</file> as well. See <manref name="apt" section="8"> for further details. -<p>Note: You do <em>not</em> need to add the following line: -<example> - deb http://security.debian.org/debian-non-US stable/non-US main contrib non-free -</example> -<p>this is because security.debian.org is hosted in a non-US location and -doesn't have a separate non-US archive. - <sect1 id="lib-security-update">Security update of libraries <p>Once you have executed a security update you might need to restart some
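Review bot: In the first hunk (@@ -49,32 +49,19 @@), the new "During installation security updates are configured" paragraph drops the removed note's statement of who still has to do the manual step (systems upgraded from a previous version of Debian, or installs where the user declined), so the "To manually update the system" paragraph that follows no longer says when it applies. Suggest keeping one sentence to that effect, extended to cover the not-connected case the new text mentions. The unchanged context at the top of the hunk reads "Debian 3.0 <em>sarge</em>" while the removed note says "Debian woody 3.0"; the two disagree, and the context line could be corrected in the same pass. It is also worth confirming that the removed <ref id="fw-security-update"> was not the only pointer to that sample configuration, and that <em>codename</em> inside <example> renders as emphasis rather than as literal tags.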