Re: Fwd: Security Installation Method

["der.hans" <deb-user@LuftHans.com>]

Am 10. Apr, 2019 schwätzte Cindy Sue Causey so:

moin moin,

> On 4/10/19, Dan Ritter <dsr@randomstring.org> wrote:
> > Arun Vasudevan wrote:
> > > > Could you please help me to install the Security patches only to one of
> > > > my
> > > > Debian servers.
> >
> > The usual method is:
> >
> > sudo apt update
> > apt list --upgradable
> >
> > # inspect the packages to make sure you want all of them. If
> > # not, don't proceed. You can install individual updates with
> > # sudo apt install PACKAGENAME
> >
> > sudo apt upgrade
> >
> > At the end of that, you will want to reboot if you installed a
> > new kernel.
>
>
> This is a quick drive-by to wonder whether limiting the repositories
> in /etc/apt/sources.list (before "apt upgrade") would additionally
> help here, too?

This is essentially what I do.

I put security repos in /etc/apt/sources.list.d/security.list, then I use
only that for security updates.

sudo apt -o Dir::Etc::sourceparts=:: -o Dir::Etc::SourceList=/etc/apt/sources.list.d/security.list full-upgrade

ciao,

der.hans

> Commenting the lines out instead of deleting is my chosen method of
> operation just so I don't have to waste time tracking down how to put
> what back in place *when* I change my mind. :)
>
> Yes, I can't think of good examples, but I'm sure there are some to
> show why everything should be updated instead of just security. :)
>
> Cindy :)

--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  History is nothing but a collection of fables and useless trifles,
#  cluttered up with a mass of unnecessary figures and proper names.
#  -- Leo Tolstoy