Re: how to prevent security update installation during stretch installation
On Tue, Jul 31, 2018 at 06:05:04PM -0700, David Christensen wrote:
> On 07/31/2018 05:42 PM, Roberto C. Sánchez wrote:
> > On Tue, Jul 31, 2018 at 05:36:41PM -0700, David Christensen wrote:
> > >
> > > One possibility is to configure your Internet gateway to block traffic
> > > between the host and the Internet, and then install from CD-1, DVD-*, BD-*,
> > > etc., media.
> > >
> > An easier approach would be that when the installer asks "Would you like
> > to use a network mirror?" you just answer "no." The installer will then
> > only use the packages available on the install media you supply.
>
> The first half of my suggestion implies your suggestion.
>
>
> The original post implies use of netinst media, which does not contain
> enough packages to install a working Debian system (?). Thus, the second
> half of my suggestion.
>
I should have read the entire thread before responding. Thanks for
pointing out my oversight.
You are correct that a netinst media does not have enough on it for a
complete installation. However, that is sort of the point of the
netinst media. Of course, another aspect of the way updates work in
Debian is that when a point update is made all the security updates (and
generally quite a few high priority non-security updates) become part of
the stable release with an increased version number. For example in the
last few weeks, Debian "Stretch" went from version 9.4 to 9.5.
That sort of makes the "I want to install but I don't want security
updates" not make any sense. Unless you get the install media for the
first release of a new Stable before any point releases are made, you
will end up with some security updates as part of your installation.
Even then, the new stable release definitely also has security updates
that are left over from the prior stable release (not all packages are
refreshed from one release to the next).
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: