
Re: New user Q: Best way to stay up to date on "testing"?



On Fri, 8 Oct 2004 15:18:02 -0500
JW <jw@mailsw.com> wrote:

<snip - new user administering Debian co-lo>

> I was reading the security FAQ and am somewhat alarmed to find (if I 
> understand correctly) that Testing is not actively supported by the
> security team. Youch. If I could put stable on it I would, but for the
> reasons stated above I can't.

'Testing' is not actively supported, correct, until you near release
time. Sarge has entered a freeze for the base packages, is in that 'near
release time' phase and is now getting security updates along with the
current 'Stable' (Woody). Sarge is expected to be released as the new
stable 'any day now'.

<snip>

> Could anyone confirm that "upgrade" is the right way to stay up to
> date. I'm not going to run it automatically, and I'll always do a test
> run first to make sure nothing disastrous is going to happen. 

Yes, 'apt-get update' and 'apt-get upgrade' is the best way to keep up
to date on security updates. If you install any packages outside of
apt/dpkg and friends though, you will need to maintain them the same way
you install them (obviously).

> Is running upgrade on a regular basis a bad idea for any reason?

The only thing that might cause a problem would be if it updates a large
package (say Apache or Perl) and has a small configuration bug that
makes you run around and pull your hair out trying to figure out what's
changed and how to fix it. This is when reading the Debian-user list
regularly is very helpful. However, Sarge is getting close enough to
release that I haven't noticed anything major like that in the five or
several months that I've been using it.

<snip>

> If anyone has advice on how to keep a Testing system secure, I'd
> really like to hear it.

First and foremost, use a firewall and don't install software that you
won't use. Extra and unneeded software can = extra security holes. Then
there are additional tools like snort, tripwire, aide, etc. (apt-cache
show 'packagename' will tell you more about it, apt-cache search
'keyword' will show you packages that meet that search criteria.)

> P.S. If anyone has a link to some favorite documentation on Debian
> package handling for newbies, please send it on. I've read a lot of
> man pages and docs on the web site, and I'll keep reading till I get
> it all. But the abundance of package handling tools and front ends is
> quite bewildering to someone who's used to RPM and only RPM. TIA.

http://newbiedoc.sourceforge.net/ has a lot of helpful information
that's Debian specific. Written by Debian users for Debian users.

HTH,
Jacob
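
The "test run first" step discussed in this thread, as an added example that is not part of the original message: it summarises the output of apt-get's simulate option (`-s`) and flags upgrades to large packages that may need a configuration review afterwards. The function names, the `WATCH` list and the sample dry-run output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an `apt-get -s upgrade` dry run before applying it.
# WATCH is a hypothetical list of packages whose upgrades deserve a manual
# config review (the reply above names Apache and Perl as examples).
WATCH="${WATCH:-apache apache2 perl}"

# Reads dry-run output on stdin and prints "<flag> <package> <old> -> <new>"
# for each package that would be upgraded; flag is REVIEW or ok.
summarise_dry_run() {
    awk -v watch="$WATCH" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) flag[w[i]] = 1 }
        # Upgrade lines look like: Inst pkg [oldver] (newver origin ...)
        $1 == "Inst" && $3 ~ /^\[.*\]$/ {
            old = $3; sub(/^\[/, "", old); sub(/\]$/, "", old)
            new = $4; sub(/^\(/, "", new); sub(/\)$/, "", new)
            printf "%s %s %s -> %s\n", (($2 in flag) ? "REVIEW" : "ok"), $2, old, new
        }'
}

# Counts upgrades that touch a watched package.
count_review() {
    summarise_dry_run | grep -c '^REVIEW ' || true
}

# Constructed sample of dry-run output (not captured from a real system).
sample_dry_run() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libssl0.9.7 perl
Inst libssl0.9.7 [0.9.7d-4] (0.9.7d-5 Debian:testing)
Inst perl [5.8.4-2] (5.8.4-2.3 Debian:testing)
Conf libssl0.9.7 (0.9.7d-5 Debian:testing)
Conf perl (5.8.4-2.3 Debian:testing)
EOF
}

# Live use (needs apt): apt-get update && apt-get -s upgrade | summarise_dry_run
sample_dry_run | summarise_dry_run
```

Nothing is installed by the simulate run, so the summary can be read (or mailed to the administrator) before `apt-get upgrade` is run by hand.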


