Re: Security updates for hold package

To: debian-user@lists.debian.org
Subject: Re: Security updates for hold package
From: Andrei POPESCU <andreimpopescu@gmail.com>
Date: Wed, 14 May 2014 23:50:50 +0300
Message-id: <[🔎] 20140514205050.GA4120@sid.nuvreauspam>
In-reply-to: <[🔎] 20140514195909.278140@gmx.com>
References: <[🔎] 20140514195909.278140@gmx.com>

On Mi, 14 mai 14, 15:59:08, Theodore Alcapotaxis wrote:
> I wrote:
> > 
> > However, if you're on stable (or oldstable) there will be no major 
> > upgrades (whether you want them or not) unless you point your sources to 
> > the next release.
>  
> What happens if I am using Debian current stable but my linux-image is 
> 3.12 (wheezy-backports)?

Assumptions:
1. You did not change the default priority for backports
2. You installed the linux-image-<version>-<flavor> package from 
backports and *not* the corresponding meta-package 
linux-image-<flavour>.

As far as I understand from lurking on -backports the backported kernels 
"track" testing. If the package in testing receives a security upgrade 
most probably the package in backports will too. If assumption 1. is 
correct you will receive such security upgrades.

However, if the package in testing is replaced by a newer one the same 
will happen in backports. If assumption 2. is correct you will be stuck 
with the same kernel package (no upgrades of any kind) while backports 
moves on to newer versions.

Since linux-image-<flavor> packages in backports are already depending 
on 3.13 images I assume 3.12 packages will be removed soon.

I would recommend you install linux-image-<flavor> from backports and 
let it keep you kernel to the latest version available in backports.

Kernel upgrades are usually quite safe to do, assuming you always keep 
around at least one known working kernel as backup. In case of kernels 
from backports you probably could/should keep two: the latest stable 
kernel and the previous backports kernel.

To play it extra safe watch for security upgrades to the stable kernel 
and test that it still boots for you (see the recent thread where a 
security upgrade made a system unbootable).

Also, it may happen that the kernel in stable gets an ABI change (e.g. 
it changes from linux-image-3.2.0-4-amd64 to linux-image-3.2.0-5-amd64). 
These are rare, but did happen in the past. If your 
linux-image-<flavour> is from backports such changes will not be picked 
up automatically.

Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: Security updates for hold package
  - From: "Theodore Alcapotaxis" <theotaxis@mail.com>

Prev by Date: Re: evolution
Next by Date: Re: No suspend-to-disk with kde
Previous by thread: Re: Security updates for hold package
Next by thread: Re: Security updates for hold package
Index(es):
- Date
- Thread