[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security.debian.org vs debian-lts respository



On Tue, Jun 17, 2014 at 03:08:51PM +0200, Jelle de Jong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 16/06/14 22:00, Matt Palmer wrote:
> > Hi Jelle,
> > 
> > On Mon, Jun 16, 2014 at 12:08:24PM +0200, Jelle de Jong wrote:
> >> So the only squeeze source I use is: deb 
> >> http://security.debian.org/ oldstable/updates main
> >> 
> >> # apt-show-versions | fgrep /oldstable 
> >> linux-image-2.6.32-5-486/oldstable uptodate 2.6.32-48squeeze6
> >> 
> >> What should I do to keep all my servers provided with a secured 
> >> 2.6 kernel, where will security updates for the kernel go to?
> > 
> > You should add the LTS sources.list entry to your systems:
> > 
> > deb http://http.debian.net/debian squeeze-lts main
> > 
> > New kernel updates will be released to that repository (I'm
> > working on one now).
> > 
> > - Matt
> 
> Thank you for your reply! I will replace my oldstable/sqeeuze sources
> with the squeeze-lts on all relevant systems.. +20...

No, please *extend* the list. Not replace it.
https://wiki.debian.org/LTS/Using

If you remove squeeze and/or squeeze security, dependencies will become 
unresolvable.

> I'm still wondering why the discussion was made to set-up a new
> security system and new sources. Why not use the current
> security.debian.org system add the check-support-status package and
> just make clear that packages not listed don’t get security support
> (this would have saved a lot of work for me and maybe others).

But would have created a lot of work for the security team [1], which 
should focus on stable instead.

[1] https://wiki.debian.org/LTS/FAQ#What_are_the_reasons_for_not_using_security.debian.org_for_the_LTS_security_updates.3F


-- 
Bruce Schneier can read and understand Perl programs.


Reply to: