Bug#362665: apt manpages should include security information

To: submit@bugs.debian.org
Subject: Bug#362665: apt manpages should include security information
From: Andrew Clausen <clausen@econ.upenn.edu>
Date: Fri, 14 Apr 2006 17:34:34 -0400
Message-id: <[🔎] 20060414213434.GB28120@econ.upenn.edu>
Reply-to: Andrew Clausen <clausen@econ.upenn.edu>, 362665@bugs.debian.org

Package: apt
Version: 0.5.28.6

I think apt is central to the security of a Debian system.  It is responsible
for keeping packages up-to-date -- including security vulnerabilities, and for
safely acquiring authentic versions of software.  Despite this, the word
"security" does not appear in the apt(8) or apt-get(8) manual pages.

Here are some suggestions:
 * there should be an apt-security(8) manual page.  apt(8) and apt-get(8)
should refer to it.  This manual page should discuss issues such as:
	- how to get signed packages
	- how to automate security updates (eg: with cron)
	- the advantages/disadvantages of different approaches of the above.
	For example, it should compare automatic security updates as opposed
	to "apt-get dist-upgrade".  It should also discuss how frequently
	different types of users should set cron to update.  For example,
	users running services that could be infected by worms should update
	more often.

 * is it even possible to ask apt to apply security updates only?
(without editing /etc/apt/sources.list!)  That is, something like

	apt-get security-upgrade

or

	apt-get dist-upgrade -t security

If it isn't, then I guess I should open another bug...
 
Cheers,
Andrew

(I have contact details at http://www.econ.upenn.edu/~clausen)

Reply to:

Prev by Date: Processed: tagging 308586
Next by Date: Processed: apt doesn't handle an epoch 0
Previous by thread: Processed: tagging 308586
Next by thread: Processed: apt doesn't handle an epoch 0
Index(es):
- Date
- Thread