security updates in Etch
Just wondering, I installed sarge and upgraded to etch (testing). There is a security line, deb http://security.debian.org/ stable/updates main
If I leave that there will I still get security updates even though I am running testing and not stable? I am running the computer as a desktop so I don't know if I even need it, but I would like it to be as secure as possible. Currently, I have it commented out..because I didn't know if it would work. BTW, do you guys install Firestarter and SElinux on desktops? and if you are behind a firewall router, do you still install a firewall? sorry for the newbie questions but I have never bothered with linux security before. Thanks. |
Most of the time testing will have the fixes in it already since the version number is higher. The security is just for sarge cause it doesn't change anymore except for security updates.
I'm using firestarter. I have a wireless router but it doesn't have firewalling abilities. |
Re: security updates in Etch
Quote:
The security updates in SID will be the next available version of the program. Quote:
|
Take a look at the directory structure: http://security.debian.org/dists/ You'll notice that both "etch" and "testing" are supported and you can change the "stable/updates" part in your sources.list entry either to "etch/updates" or "testing/updates".
However, after the Sarge release there has been some confusion at security.debian.org and some of the security updates that the "testing security team" has uploaded there have not become available for download. http://www.infodrom.org/~joey/log/ I'm sure they'll fix the problems in the very near future. Security has always been high priority for Debian. :) |
Just add
# Security Updates Testing deb http://security.debian.org/ testing/updates main contrib non-free |
Oh, I didn't know they made security updates for testing. I thought they didn't do that.
Thanks for the info. |
I have also been confused for a while about the issue of security in testing. If one does apt-get update; apt-get upgrade then everything gets updated to the latest package version for one's Debian version anyway, testing in this case, so what's the significance of special security updates? Are they only relevant if one is not doing full updates (and only has a reference to the security update and not the general update in the apt sources list) ?
|
Doing full updates is a sure way of endangering your system , IMO.
If you don't have apt-listbugs installed (first thing to do after installing), you may not be sure whether such or such app is not going to put a threat on it, maybe not immediately, but when performing actions you were used to doing safely before and that may not be so any longer. When you just read about 'critical bugs' in such or such application in the 'upadate' list, with an option to say 'yes' or 'no', it is much of a relief and if you do agree, you take a risk but are warned that you do. It is much more important, I think, than 'security' updates. A tool like aptitude, or synaptic or even kpackage enables you to select updates one by one which is the best thing to do, I think. |
Depends on what kind of bug it is. If it's a security threat it might be so. But I've never used apt-listbugs and never had much trouble. had to fix some things but that's the fun of it.
|
If you actually look at what's available for etch on the security site you'll see that it's empty.
AFAIK they don't release security updates for testing, if you run testing you pretty much have to wait for the new version of the package to go into sid and then filter into testing automatically. |
Quote:
The 'testing' repos are not for the security minded. |
If you are concerned about security you do not run testing. Period. There is no formal security support for testing (never has been).
Quote:
|
All times are GMT -5. The time now is 07:08 AM. |