On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote: > Not exactly true. Debian adds security repositories to apt's sources, > that's true. But it does _not_ automatically install them on your > system. It was my point that debian does not by default provide an > automated system to _install_ security updates. Yes, a Debian default install *does* install security updates. Please read "Selecting and Installing Software" http://d-i.alioth.debian.org/manual/en.i386/ch06s03.html#di-system-setup This step takes place after apt is configured to add external sources and, as the manual says, "Even when packages are included on the CD-ROM, the installer may still retrieve them from the mirror if the version available on the mirror is more recent than the one included on the CD-ROM." This is not even specific for etch, it has been true for some releases already. > So even automatic _reminders_ to install security updates are only > enabled, if the user either installs gnome (I use kde) or specifically > knows of and installs the appropriate tool. I have not tried > exhaustively, but update-manager does not appear to work 'automatically' > with kde, at least not for myself. It only works, if I start it manually > and that's even less convenient than a simple 'aptitude update; aptitude > upgrade'. GNOME is the *standard* desktop environment in Debian. A default Debian installations installs both KDE and GNOME but gdm is the default window manager and when users login they get into a GNOME Desktop by default. So your "if the user either installs gnome..." conditional is moot. > Note that I am not saying that I miss this 'automatic security'. > Conversely, my point was that the user should be educated to know and > care about security and should not be educated to trust any 'automatic > security'. Educating users also involves raising awareness that they *have* to keep their system up-to-date with security patches both to prevent local and remote exploits. The fact that KDE (or Xfce) does not have an equivalent to the update-manager is IMHO, worrisome, as users of that Desktop environment might not be as aware of this need as users of GNOME. Update-manager makes a good job at highlighting security updates and explaining why are they needed. Even if it does not force users to install them. Regards Javier
Attachment:
signature.asc
Description: Digital signature