Re: Security Updates

To: debian-user@lists.debian.org
Subject: Re: Security Updates
From: Larry Dighera <LDighera@att.net>
Date: Wed, 31 Aug 2016 08:16:45 -0700
Message-id: <[🔎] vcsdsbp6dj8osk881j5cce0ig1b0nb7nu3@4ax.com>
In-reply-to: <[🔎] 20160831132821.GA3690@galactic.demon.co.uk>
References: <[🔎] gdobsbp8e1bd1aq8qoi51l3p2g0i40e71c@4ax.com> <[🔎] 20160830204427.GA9981@galactic.demon.co.uk> <emkdsb5q9c9njfahauisuo1p1arslk3608@4ax.com> <[🔎] 20160831132821.GA3690@galactic.demon.co.uk>

On Wed, 31 Aug 2016 13:28:21 +0000, "Andrew M.A. Cater"
<amacater@galactic.demon.co.uk> wrote:

>On Wed, Aug 31, 2016 at 06:04:34AM -0700, Larry Dighera wrote:
>> On Tue, 30 Aug 2016 20:44:27 +0000, "Andrew M.A. Cater"
>> <amacater@galactic.demon.co.uk> wrote:
>> 
>> >On Tue, Aug 30, 2016 at 12:58:47PM -0700, Larry Dighera wrote:
>> >> 
>> >> This page <https://www.debian.org/releases/stable/errata> states:
>> >> 
>> >>     "If you use APT, add the following line to /etc/apt/sources.list to be able
>> >>     to access the latest security updates:
>> >> 
>> >>     deb http://security.debian.org/ jessie/updates main contrib non-free
>> >> 
>> >>     After that, run apt-get update followed by apt-get upgrade."
>> >> 
>> >> Adding that entry to /etc/apt/sources.list on the Raspberry Pi3 running Debian
>> >> Jessie results in an error message indicating that the public key is not found.
>> >> It also finds two libraries that require updating that are not found when the
>> >> above mentioned /etc/apt/sources.list entry is removed.
>> >> 
>> >>   1.  What do I need to do to prevent the error message?
>> >> 
>> >>   2.  As there are other security related URLs (doubtless, as
>> >>   distributed/released) that are checked during apt-get update, is the
>> >>   recommended additional entry advisable/useful for this platform?
>> >
>> >Debian or Raspbian?
>> >
>> >If Raspbian - that's based very closely on Debian but isn't strictly Debian.
>> >
>> >Mixing the two might not be a good idea since there will probably be incompatibilities at some level.
>> >
>> >There is a port of pure Debian to the Pi 2 - look on the Debian wiki - but no one has yet done this for the Pi 3 as far as I know.
>> >
>> >[The original Pi required different compilation options to cope with floating point "stuff" which rendered Debian incompatible:
>> >Raspbian is a re-compilation to suit the Raspberry Pi. Pi 2 is ARM v7 with hardware floating point. Pi 3 is 64 bit core (so arm64 would work if
>> >the Pi folk hadn't put in 32 bit glue logic or thereabouts). There are also issues with the way of loading the operating system, initialising video
>> >and non-free firmware which can cause problems.]
>> >
>> >All the best,
>> >
>> >AndyC
>> 
>> 
>> 
>> Hello Andy,
>> 
>> I thought I made it clear that the OS was Debian Jessie.  It was installed from
>> the NOOBS release: <https://www.raspberrypi.org/downloads/noobs/>.  As you can
>> see from this article
>> <https://www.raspberrypi.org/blog/raspbian-jessie-is-here/>, Debian Jessie was
>> released for the Raspberry Pi platform almost a year ago, September 2015.  
>> 
>> Have you any insight into how to overcome the ;public key not found; error
>> message adding that security repository to the apt list, as stated on the
>> Debian.org web site, may be resolved?
>> 
>> Thank you for your response.
>> 
>> Best regards,
>> Larry
>>
>
>Hi Larry, 
>
>That's Raspbian - NOOBS installs Raspbian.
>
>As Lisi Reisz has stated to you in another email: Raspbian handle their own security updates.
>
>If you want to add the keys to the Debian security updates repository you can use an apt-key add command and the key available from http://ftp-master.debian.org/keys.html
>[The main archive signing key is also used to sign the security updates].
>
>Be aware that you might create problems for yourself.
>
>You may well want to look at the Debian Administrators handbook - you can try apt-get install debian-handbook if the package is also available for Raspbian.
>
>Hope this helps,
>
>Al the very best,
>
>AndyC 
>
>[Copying to the list as this may be of more use more widely]


Hello Andy,

Have you even looked at the information here:
<https://www.raspberrypi.org/blog/raspbian-jessie-is-here/>?  After reading
that announcement, how can you continue to insist that I am not running Debian
Jessie?  

I appreciate your pointer to adding keys to the Debian security updates
repository with apt-key add.  I will look into that, however if it were
necessary for me to do that manually, I would have expected the
<https://www.debian.org/releases/stable/errata> page to have mentioned it
explicitly.  Perhaps I expect too much...

I find the stability of the Debian APT system to be one of the most valuable
aspects of Debian Linux, compared to other less stable distributions I have
encountered over the years.  So I am wary of doing anything to break it, even
if it proffered on a Debian web page, as you cautioned.  

Thank you for sharing your knowledge.

Best regards,
Larry

Reply to:

Follow-Ups:
- Re: Security Updates
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Security Updates
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: Security Updates
  - From: Charlie Kravetz <cjk@teamcharliesangels.com>

References:
- Security Updates
  - From: Larry Dighera <LDighera@att.net>
- Re: Security Updates
  - From: "Andrew M.A. Cater" <amacater@galactic.demon.co.uk>
- Re: Security Updates
  - From: "Andrew M.A. Cater" <amacater@galactic.demon.co.uk>

Prev by Date: Re: Jessie (8.0) slow to boot
Next by Date: Re: Security Updates
Previous by thread: Re: Security Updates
Next by thread: Re: Security Updates
Index(es):
- Date
- Thread