Re: Current bullseye security and stability

To: debian-testing@lists.debian.org
Subject: Re: Current bullseye security and stability
From: Jorge P. de Morais Neto <jorge+list@disroot.org>
Date: Sat, 16 Jan 2021 19:54:16 -0300
Message-id: <[🔎] 87pn24ebmv.fsf@disroot.org>
Mail-followup-to: debian-testing@lists.debian.org
In-reply-to: <[🔎] 6baa5ed1-5401-9b86-0f50-167d2d10b9fd@dietpi.com>
References: <[🔎] 87pn2763ak.fsf@disroot.org> <[🔎] 818e323e-5169-39f7-26b7-9d7c3a65d29d@syt.net> <[🔎] bcb1049c-8d44-34e2-7fe0-65cc927d31e4@dietpi.com> <[🔎] 87lfcsrhfy.fsf@disroot.org> <[🔎] 6baa5ed1-5401-9b86-0f50-167d2d10b9fd@dietpi.com>

Hi.

Em [2021-01-16 sáb 21:11:32+0100], MichaIng escreveu:

> the way you explain how you use it, especially carefully reviewing the
> upgrade list, and are okay with the chance to run into bugs with the
> implementation,

To be clear, I don't assess the origin (testing or sid) of each new
package version every time I upgrade (daily).  What I actually do:
1. I review the upgrade list in aptitude looking for suspicious removals
2. I use `apt-listchanges' and `apt-listbugs'
3. I periodically invoke the following script:

--8<---------------cut here---------------start------------->8---
#!/usr/bin/env bash

declare -r SID="?narrow(?not(~Atesting),~i~Aunstable)"
aptitude search "${SID}" |
    tee /dev/stderr |
    wc -l
aptitude -s -t unstable full-upgrade "${SID}"
--8<---------------cut here---------------end--------------->8---

The pipeline that begins with `aptitude search "${SID}"' tells which
(and how many) sid packages are currently installed.  The second
aptitude invocation tells whether the installed sid packages are fully
up-to-date.

The second aptitude invocation should address the danger of an installed
sid package being barred from upgrading to its latest version because
that new version needs additional sid packages.  If that happens, I need
to be aware and decide whether the benefit of the new version outweighs
the downside of increasing the number of sid packages.

The question, of course, is whether software freshness is worth all this
work.  It this may be obsessive/compulsive behavior on my part.

> The other way round, the above points are not guaranteed for
> "unstable" and usually critical security fixes are available in
> testing a couple of days later, which should outweigh the possible
> chance for a major security issue introduced with a package from
> unstable due to a non-reviewed/tested implementation change for
> example.

You make valid points.  I will keep that in mind.

Regards

-- 
- <https://jorgemorais.gitlab.io/justice-for-rms/>
- I am Brazilian.  I hope my English is correct and I welcome feedback.
- Free Software Supporter: <https://www.fsf.org/free-software-supporter>
- If an email of mine arrives at your spam box, please notify me.

Reply to:

References:
- Current bullseye security and stability
  - From: "Jorge P. de Morais Neto" <jorge+list@disroot.org>
- Re: Current bullseye security and stability
  - From: ldavila@syt.net
- Re: Current bullseye security and stability
  - From: MichaIng <micha@dietpi.com>
- Re: Current bullseye security and stability
  - From: Jorge P. de Morais Neto <jorge+list@disroot.org>
- Re: Current bullseye security and stability
  - From: MichaIng <micha@dietpi.com>

Prev by Date: Re: Current bullseye security and stability
Next by Date: testing/bullseye: Still installing vino when we really should be installing gnome-remote-desktop
Previous by thread: Re: Current bullseye security and stability
Next by thread: Can I count on Python 2 in bullseye?
Index(es):
- Date
- Thread