Re: Package management and security
Frédéric PICA wrote:
Thanks for your answer,
So I need to do an apt-get dist-upgrade in my cron job to be sure to
always have the latest security fixes?
What's the risk of having a needed package uninstalled that way?
My goal is to have the latest security fixes for a server, but I have
to be sure that dist-upgrade will not break my server by removing
needed packages, for example mod_php for apache or things like that.
FP
2007/6/7, Riku Valli <riku.valli@vallit.fi>:
Frédéric PICA wrote:
> Greets,
>
> I saw in 'man apt-get' that using apt-get upgrade does not install new
> packages or remove an already installed package.
> Is it possible that I didn't get the latest security fixes using
> apt-get upgrade in a cron job?
> I think particularly about security fixes that can't be retro-ported
> to the debian stable version and need to upgrade the package to the
> latest author available version. What happens if the package
> dependencies change? Will the security patch be installed
> with its new dependencies anyway, or will the package not be
> upgraded?
>
> Thanks for your help,
> FP
>
>
Hi
apt-get upgrade only upgrades your packages to newer versions. When a
package upgraded this way needs new extra packages, then upgrade
can't upgrade your package. You must install it.
-- Riku
Hi
In the normal case, when you use Debian stable, you only do update/upgrade
and possibly need the switch -y (assume yes for every question). In stable,
dependencies normally never change. dist-upgrade is (in stable) only
used when you upgrade Debian releases from older to newer.
In the older stable there was only one kernel upgrade which needed manual
intervention.
Maybe this is better explained in man aptitude, see below.
upgrade
    Upgrades installed packages to their most recent version. Installed
    packages will not be removed unless they are unused (see the section
    "Managing Automatically Installed Packages" in the aptitude reference
    manual); packages which are not currently installed will not be
    installed.

    If a package cannot be upgraded without violating these constraints,
    it will be kept at its current version. Use the dist-upgrade command
    to upgrade these packages as well.

dist-upgrade
    Upgrades installed packages to their most recent version, removing
    or installing packages as necessary. This command is less
    conservative than upgrade and thus more likely to perform unwanted
    actions. Users are advised to either use upgrade instead or to
    carefully inspect the list of packages to be installed and removed.
-- Riku
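
An added example, not part of the original thread or written by its participants: a cron wrapper that does the inspection the man page excerpt above advises, by simulating dist-upgrade with `apt-get -s` and applying it only when nothing would be removed. The function names and the sample simulate output (package versions included) are constructed, and the `Inst`/`Remv`/`Conf` line layout is assumed to match what your apt version prints.

```shell
#!/bin/sh
# Added example. `apt-get -s` (simulate) prints one line per planned action:
#   Inst <pkg> [old] (new ...)   upgrade      Inst <pkg> (new ...)   new install
#   Remv <pkg> [old]             removal      Conf <pkg> (new ...)   configure

# Packages a simulated run would remove (simulate output on stdin).
planned_removals() {
    awk '$1 == "Remv" { print $2 }'
}

# Packages that would be newly installed: Inst lines with no [old version].
planned_new_installs() {
    awk '$1 == "Inst" && $3 !~ /^\[/ { print $2 }'
}

# Exit status 0 when the plan passed as $1 removes nothing, 1 otherwise.
safe_to_apply() {
    removed=$(printf '%s\n' "$1" | planned_removals)
    [ -z "$removed" ]
}

# Cron entry point: refresh lists, simulate, apply only a removal-free plan.
run_unattended() {
    apt-get -q update || return 2
    plan=$(apt-get -s dist-upgrade) || return 2
    if safe_to_apply "$plan"; then
        apt-get -y -q dist-upgrade
    else
        echo "dist-upgrade would remove:" >&2
        printf '%s\n' "$plan" | planned_removals >&2
        echo "running plain upgrade instead; review the rest by hand" >&2
        apt-get -y -q upgrade
        return 1
    fi
}

# Constructed sample of simulate output (not captured from a real host).
SAMPLE_PLAN='Inst libssl0.9.8 [0.9.8c-4] (0.9.8c-4etch1 Debian-Security:4.0/stable)
Remv libapache2-mod-php5 [5.2.0-8]
Inst libexample1 (1.0-1 Debian:4.0/stable)
Conf libssl0.9.8 (0.9.8c-4etch1 Debian-Security:4.0/stable)'

# Only touch the system when called explicitly, e.g. from cron with --run.
if [ "${1:-}" = "--run" ]; then
    run_unattended
fi
```

Cron mails anything written to stderr, so a blocked run shows up as a message listing the packages that would have been removed.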