
Re: minimize daemon downtime for apt upgrade



On Thu, Apr 08, 2021 at 01:47:22PM -0600, Charles Curley wrote:
> On Thu, 8 Apr 2021 10:46:06 -0500
> Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
> 
> > If I wait for a few months to perform an "apt upgrade", many packages
> > get upgraded.
> 
> ...
> 
> > Is there something more elegant?
> 
> As Dan Ritter <dsr@randomstring.org> already mentioned, you can
> configure a failover DHCP server, usually a good idea anyway.
> 
> Why are you using Sid for production software? I know it's in
> pre-release freeze. The general advice is to use only current released
> stable for production.
> 
Being picky: Sid is NEVER in a state of freeze - it's permanently unstable.
A package change tomorrow could delete 9/10 of your system or you could be
waiting months and years for a major change to percolate through. There
are really _NO_ guarantees with Sid: if you can't deal with your system
executing a Halt and Catch Fire instruction once in a while, you shouldn't 
go anywhere near it. Sid _may_ have bugs that nothing else has: it doesn't
have any security guarantee.

> And why are you waiting months to do an upgrade? That has security
> implications you don't want. I upgrade all machines daily, even on
> stable.
> 
If you worry about upgrades - install minimal amounts of software. For a
router - don't install a desktop environment. You might get one upgrade
a week on stable of a couple of packages. [The machine I have next door
runs a Debian mirror - it has one job, essentially] Update REGULARLY -
use the unattended-upgrades package. Once a week or so, take five minutes to
run an update/upgrade cycle yourself and watch it go through.

Install a firewall - lock down the things you want to lock down.

> If you don't want to do it yourself, install unattended-upgrades. That
> runs daily some time before 06:00, so even if it reboots, it shouldn't
> affect most users.
> 
Maybe also take a little time to read up on something like the Debian
handbook - debian-handbook package / web site to fill in info on other things
that might be interesting. Folk here can be very helpful.

All the best,

Andy C

> -- 
> Does anybody read signatures any more?
> 
> https://charlescurley.com
> https://charlescurley.com/blog/
> 

