
Re: secure installation

Javier Fernández-Sanguino Peña wrote:
> On Fri, Aug 17, 2007 at 10:01:54AM +0200, Johannes Wiedersich wrote:
>> PS 2: While we are at it: Debian by default also does not install or
>> enable an automated system to install security updates. It is the
>> responsibility of the user to decide whether and when security updates
>> are installed.
> Not exactly true. If you are installing a Debian system with a network
> connection the installation system will add security.debian.org automatically
> to your sources lists and update the packages you were going to install from
> CD/DVD from that source. Automatically, unless the user goes into a
> 'power-user' configuration or the system is not connected to the network.

Not exactly true. Debian adds security repositories to apt's sources,
that's true. But it does _not_ automatically install them on your
system. It was my point that Debian does not by default provide an
automated system to _install_ security updates.

> Also, a Debian etch install of the Desktop environment (or just the GNOME
> environment) brings you 'update-manager' which *is* a system to install
> security updates if the box has been configured with a proper security source
> (which happens out of the box for most network-connected installations).
> In this case security updates are not, however, forced on you. You just get a
> gentle reminder that they are available.

So even automatic _reminders_ to install security updates are only
enabled if the user either installs GNOME (I use KDE) or specifically
knows of and installs the appropriate tool. I have not tried
exhaustively, but update-manager does not appear to work 'automatically'
with KDE, at least not for myself. It only works if I start it manually
and that's even less convenient than a simple 'aptitude update; aptitude

Note that I am not saying that I miss this 'automatic security'.
Conversely, my point was that the user should be educated to know and
care about security and should not be educated to trust any 'automatic

