Re: Package management and security

To: Frédéric PICA <frederic.pica@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Package management and security
From: Riku Valli <riku.valli@vallit.fi>
Date: Thu, 07 Jun 2007 18:19:27 +0300
Message-id: <[🔎] 466821FF.5050605@vallit.fi>
In-reply-to: <[🔎] d0e937440706070747p3ecddbf5g86fa9ee22b7fc5c2@mail.gmail.com>
References: <[🔎] d0e937440706070523v57a5e2dcpb9e8a22eaa3e815a@mail.gmail.com> <[🔎] 466812DD.3010002@vallit.fi> <[🔎] d0e937440706070747p3ecddbf5g86fa9ee22b7fc5c2@mail.gmail.com>

Frédéric PICA wrote:

Thanks for your answer,

So I need to do an apt-get dist-upgrade in my cron job to be sure toalways have the latest security fixes ?

What's the risk to have a needed package uninstalled by that way ?

My goal is to have the latest security fixes for a server, but I haveto be sure that dist-upgrade will not broke my server by removingneeded pacakges, for example mod_php for apache or things like that.

FP

2007/6/7, Riku Valli <riku.valli@vallit.fi<mailto:riku.valli@vallit.fi>>:


    Frédéric PICA wrote:
    > Greets,
    >
    > I saw in 'man apt-get' that using apt-get upgrade does not
    install new
    > packages or remove an already installed package.
    > Is it possible that I did'nt get the latest security fixes using
    > apt-get upgade in a cron job ?
    > I think particularly about security fixes that can't be retro-ported
    > to the debian stable version and needs to upgrade the package to the
    > latest author available version, what's going on if the package
    > dependencies changes ? Does the security patched will be installed
    > with it's new dependencies anyway or does the package will not be
    > upgraded ?
    >
    > Thanks for your help,
    > FP
    >
    >
    Hi

    apt-get upgrade only upgrade your packages for newer version. When
    package is upgraded this way at it need new extra packages, then
    upgrade
    can't upgrade your package. You must install it.


    -- Riku

Hi

In normal case when you used Debian stable. You made only update/upgradeand possible need switch -y (assume yes for every question). At stabledebencies normally never changes. This dist-upgrade is (at stable) onlyused when you updated Debian releases from older to newer.

Older stable there was only one kernel upgrade which needed manuallyintervention.


Maybe this is better explained man aptitude, see below.

     upgrade

Upgrades installed packages to their most recent version.Installed

          packages will not be removed unless they are unused (see the

section "Managing Automatically Installed Packages" in theaptitudereference manual); packages which are not currently installedwill

          not be installed.

          If a package cannot be upgraded without violating these
          constraints, it will be kept at its current version. Use the
          dist-upgrade command to upgrade these packages as well.

        dist-upgrade

Upgrades installed packages to their most recent version,removing

          or installing packages as necessary. This command is less
          conservative than upgrade and thus more likely to perform
          unwanted actions. Users are advised to either use upgrade
          instead or to carefully inspect the list of packages to be
          installed and removed.


-- Riku

Reply to:

Follow-Ups:
- Re: Package management and security
  - From: "Frédéric PICA" <frederic.pica@gmail.com>

References:
- Package management and security
  - From: "Frédéric PICA" <frederic.pica@gmail.com>
- Re: Package management and security
  - From: Riku Valli <riku.valli@vallit.fi>
- Re: Package management and security
  - From: "Frédéric PICA" <frederic.pica@gmail.com>

Prev by Date: Re: Package management and security
Next by Date: Re: Package management and security
Previous by thread: Re: Package management and security
Next by thread: Re: Package management and security
Index(es):
- Date
- Thread