Your message dated Sat, 15 Aug 2015 00:07:35 +0200 with message-id <20150814220735.GA8318@crossbow> and subject line Re: apt manpages should include security information has caused the Debian Bug report #362665, regarding apt manpages should include security information to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 362665: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=362665 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: apt manpages should include security information
- From: Andrew Clausen <clausen@econ.upenn.edu>
- Date: Fri, 14 Apr 2006 17:34:34 -0400
- Message-id: <20060414213434.GB28120@econ.upenn.edu>
Package: apt Version: 0.5.28.6 I think apt is central to the security of a Debian system. It is responsible for keeping packages up-to-date -- including security vulnerabilities, and for safely acquiring authentic versions of software. Despite this, the word "security" does not appear in the apt(8) or apt-get(8) manual pages. Here are some suggestions: * there should be an apt-security(8) manual page. apt(8) and apt-get(8) should refer to it. This manual page should discuss issues such as: - how to get signed packages - how to automate security updates (eg: with cron) - the advantages/disadvantages of different approaches of the above. For example, it should compare automatic security updates as opposed to "apt-get dist-upgrade". It should also discuss how frequently different types of users should set cron to update. For example, users running services that could be infected by worms should update more often. * is it even possible to ask apt to apply security updates only? (without editing /etc/apt/sources.list!) That is, something like apt-get security-upgrade or apt-get dist-upgrade -t security If it isn't, then I guess I should open another bug... Cheers, Andrew (I have contact details at http://www.econ.upenn.edu/~clausen)
--- End Message ---
--- Begin Message ---
- To: 362665-done@bugs.debian.org
- Subject: Re: apt manpages should include security information
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Sat, 15 Aug 2015 00:07:35 +0200
- Message-id: <20150814220735.GA8318@crossbow>
- In-reply-to: <20060414213434.GB28120@econ.upenn.edu>
- References: <20060414213434.GB28120@econ.upenn.edu>
Hi On Fri, Apr 14, 2006 at 05:34:34PM -0400, Andrew Clausen wrote: > I think apt is central to the security of a Debian system. It is responsible > for keeping packages up-to-date -- including security vulnerabilities, and for > safely acquiring authentic versions of software. Despite this, the word > "security" does not appear in the apt(8) or apt-get(8) manual pages. > > Here are some suggestions: > * there should be an apt-security(8) manual page. apt(8) and apt-get(8) > should refer to it. This manual page should discuss issues such as: > - how to get signed packages > - how to automate security updates (eg: with cron) > - the advantages/disadvantages of different approaches of the above. > For example, it should compare automatic security updates as opposed > to "apt-get dist-upgrade". It should also discuss how frequently > different types of users should set cron to update. For example, > users running services that could be infected by worms should update > more often. man apt-secure > * is it even possible to ask apt to apply security updates only? > (without editing /etc/apt/sources.list!) That is, something like > > apt-get security-upgrade > > or > > apt-get dist-upgrade -t security > > If it isn't, then I guess I should open another bug... It isn't and an other bugreport might be in order, but not that such "special" things are better handled by specialiced tools like unattended-upgrades. Anyway, the main thing this bugreport was asking for is details about the security features, which happens to some extend in apt-secure. Documentation can always be improved of course, but if we work with documentation bug on that premise, we would never close them; its better to report specific issues with them so that there is a clear path from: "What is wrong" to "Now it is right". So, as a manpage exists closing as done. Best regards David KalnischkiesAttachment: signature.asc
Description: Digital signature
--- End Message ---