Re: System maintenance
On Mon, Oct 16, 2006 at 04:19:16AM -0400, Kevin Mark wrote:
> On Sun, Oct 15, 2006 at 01:29:43PM -0500, cothrige wrote:
> > In reading online it seems that the standard practice to apply
> > security patches would be to run 'apt-get update' and then 'apt-get
> > upgrade'. I am curious if this really is the best way and if so, how
> > often should it be done?
> >
> > I use Fluxbox, and quickly switched from the default Gnome when I
> > first installed. But, before doing that, I noticed that there was
> > monitor of some sort which popped up in the notification area
> > announcing available updates. How reliable is this tool, and can it
> > be used from outside of Gnome?
> >
> > Just trying to get a grip on system maintenance and hoping to hear
> > some ideas from those here. Thanks in advance,
> >
> Hi Patrick,
> the best option if you want stability and (little or) no breakage is to
> run 'stable'. This is what Debian releases. Although there is now
> security support for testing also.
> >
> 'apt-get update' gets the latest information about what packages have
> been updated but does not install them. 'apt-get upgrade' installs (but
> does not remove) the new packages while 'apt-get dist-upgrade' can both
> install and remove packages. This is a paraphrase, so read 'man apt-get'
> for more complete info.
>
> Normally, with stable you only need 'apt-get update && apt-get upgarde'
> to keep your system up to date and secure say every month. This assumes
> you have the stable and stable security entries in your
> /etc/apt/sources.list. While 'apt-get upgrade' is 95% guarenteed to go
> flawlessly and most folks tend to automake this, it is still ok to do it
> by hand, if you want 100% assurance.
If you want a little more control over the details, with a usable
text-based user interface, use 'aptitude'.
after it's started in a text console (very useful if your X is broken)
the command 'u' updates its package lists, 'U' then does the same as
apt-get upgrade, except that it just decides which things to upgrade
without doing it, 'g' tell sit to go ahead and do it -- except again, it
pauses once for you to vies the entire list of proposed changes. You
can then edit the list if you wish, and do another 'g' to get it to
actually make the changes.
I find this essential for an etch/testing or sid/unstable system.
Probably overkill on sarge, but I still use it there because I'm used to
it.
What aptitude does better than apt-get is to keep track of which
packages were installed because you asked for them explicitly, and which
were installed by being a requirement for something else. This is
useful when you want to delete a package, and it will delete the other
packages that were there only because of the delendum.
Unfortulately, aptitude doesn't know if you explicitly requested a
package using apt-get, so you will have to watch out a bit when you
delete things.
-- hendrik
>
> Using stable is the main benefit to Debian.
I think, historically, stable was the whole point of starting Debian --
to make the most stable, reliable Linux-based OS in existence, and to do
it free. Testing and unstable are intermediate stages on the way to
creating stable.
> If you do not use stable
> (like me, as I use unstable), then all the above does not apply. You
> have to update/dist-upgrade as often as you can to keep up with bugs and
> security issues and the chance of installing something that may break
> your system is not as near to zero as it is with stable.
Which is why you'd particularly want the convenient overview of what
it's going to do that aptitude provides.
> This does not
> mean that Debian unstable is horrible and broken, it just takes more
> effort to keep working, secure and up-to-date which is why I use
> apt-listbugs and apt-changes!
> feel free to ask another question as they arise!
Isn't there a plugin or something for aptitude that can tell you about
extant bugs in packages that it's going to update for you? I seem to
remember hearing about it, not having time to install it, and now wishin
I had.
- hendrik
Reply to: