
Re: New user Q: Best way to stay up to date on "testing"?



On Friday 08 October 2004 21:18, JW wrote:
> Hello,
>
> Sorry to bother everyone with newbie questions, but I'm struggling to
> understand the entire Debian environment and need a little advice.
>
> I have been using SuSE for a long time but recently my job has required me
> to start administrating a Debian server that was set up with
> 3.1/Sarge/Testing by the co (server is actually in another state, so I'm
> stuck with what the co-lo put on it). I like Debian and I'm sure with time
> I'll figure it all out, but in the short run I need a little help.

The real big thing about Debian is the way all the package dependencies just
work properly.  Update regularly or infrequently and I have almost never had
a problem.

(There were some glitches in the early days of testing.)

>
> We are planning on keeping the server for quite a long time, it will be
> used for part of a billing system (perl/web based).
>
> I was reading the security FAQ and am somewhat alarmed to find (if I
> understand correctly) that Testing is not actively supported by the
> security team. Youch. If I could put stable on it I would, but for the
> reasons stated above I can't.

What have you got in your /etc/apt/sources.list?  If you reference "sarge"
then once that (shortly) becomes stable you will stick with it.  Whilst it is 
still in the testing stage getting ready for stable the security updates will 
come through the normal update route.  The stable team will concentrate when 
it hits stable.

But it doesn't harm to have a line in your sources.list for a security source.

Here's mine for a server based on sarge.

deb ftp://debian.blueyonder.co.uk/pub/debian/ sarge main non-free contrib
deb http://ftp.uk.debian.org/debian sarge main contrib non-free

deb http://security.debian.org/ sarge/updates main contrib non-free



>
> It seems to me that the best thing for me to do is keep all the installed
> software up to date. For one thing, new packages are more likely to contain
> security fixes (even if they aren't official security patches), and also,
> I'm hoping that some day in the future Sarge will be declared stable and
> I'll be able to hop on the security train.



>
> I am wondering what the best way is to go about staying up to date. If I
> run apt-get -s upgrade I'm told that apt wants to upgrade about 15
> packages, most of which seem to be related to X (we won't ever be using X
> on this server. It wasn't originally installed and I'd like to get rid of
> it but some other package I installed had a dependency on some gtk thing
> that had one on X. Oh well).

I would do it manually once a week.  I ssh (from either a linux machine or 
from a windows machine running putty) into the machine I refer to above and 
run aptitude.  This gives a good visual indication before it does anything so 
you can check that there are no major upsets (like trying to remove 
everything).  Also, with aptitude it's easy to locate a package and then drill
down through its dependencies to see why things are installed.


>
> Could anyone confirm that "upgrade" is the right way to stay up to date.
> I'm not going to run it automatically, and I'll always do a test run first
> to make sure nothing disastrous is going to happen.

See above - use aptitude.
>
> Is running upgrade on a regular basis a bad idea for any reason?

No - in fact at the moment the opposite.  But as it gets more stable the 
number of updates it tries to do each time you do the update will become less 
and less.  

>
> It just seems like I'll need to be as up to date as possible when Sarge is
> declared stable in order to make a smooth transition to Sarge/Stable.
> Correct me if I'm wrong. I've always found it better to update packages a
> little at a time rather than wait till there's dozens of updates to
> install.

You don't really make "the transition" in Debian.  With what you have in your
sources.list as described above it should be a smooth flow.

Even with a major upgrade it's not normally a big problem.  On other machines,
I have installed either woody or sarge and then changed sources.list to point
to unstable and then upgraded immediately and generally flawlessly.


>
> If anyone has advice on how to keep a Testing system secure, I'd really
> like to hear it.

Put the security line in sources.list.  Run a firewall (iptables is fine) to
block all but the ports that you __need__ open.

Only install the packages (server) that you really need to have.


-- 
Alan Chandler
alan@chandlerfamily.org.uk
First they ignore you, then they laugh at you,
 then they fight you, then you win. --Gandhi
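
An added example, not part of the original message: a small audit of a sources.list for the two points made in the reply above (suites named by codename such as "sarge", and a security.debian.org line for each suite). The function name, finding labels and sample file are assumptions made for illustration.

```shell
#!/bin/sh
# audit_sources_list FILE
# Prints one finding per line, and nothing when the file passes:
#   alias-suite S       S is stable/testing/unstable instead of a codename
#   no-security-line S  no security.debian.org entry covers suite S
audit_sources_list() {
    awk '
        # Only active binary-package lines: deb [options] URI SUITE COMPONENTS
        $1 != "deb" { next }
        {
            i = 2
            # Skip an optional bracketed options field (newer apt syntax).
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            uri = $i; suite = $(i + 1)
            if (uri ~ /security\.debian\.org/) {
                # "sarge/updates" (the form in the message) -> "sarge";
                # the later "<codename>-security" form is handled as well.
                sub(/(\/updates|-security)$/, "", suite)
                secured[suite] = 1
            } else {
                wanted[suite] = 1
            }
        }
        END {
            for (s in wanted) {
                if (s ~ /^(stable|testing|unstable)$/) print "alias-suite " s
                if (!(s in secured)) print "no-security-line " s
            }
        }
    ' "$1" | sort
}

# Constructed sample: tracks the alias and has no security source.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, not a real server configuration
deb http://ftp.uk.debian.org/debian testing main contrib non-free
deb-src http://ftp.uk.debian.org/debian testing main
EOF
audit_sources_list "$sample"
rm -f "$sample"
```

Pointed at the three-line sources.list quoted in the message, the function prints nothing.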


