DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Just wondering, I installed sarge and upgraded to etch (testing). There is a security line, deb http://security.debian.org/ stable/updates main
If I leave that there will I still get security updates even though I am running testing and not stable? I am running the computer as a desktop so I don't know if I even need it, but I would like it to be as secure as possible. Currently, I have it commented out..because I didn't know if it would work.
BTW, do you guys install Firestarter and SElinux on desktops?
and if you are behind a firewall router, do you still install a firewall?
sorry for the newbie questions but I have never bothered with linux security before.
Most of the time testing will have the fixes in it already since the version number is higher. The security is just for sarge cause it doesn't change anymore except for security updates.
I'm using firestarter. I have a wireless router but it doesn't have firewalling abilities.
Originally posted by r3dhatter
Just wondering, I installed sarge and upgraded to etch (testing). There is a security line, deb http://security.debian.org/ stable/updates main
If I leave that there will I still get security updates even though I am running testing and not stable? I am running the computer as a desktop so I don't know if I even need it, but I would like it to be as secure as possible. Currently, I have it commented out..because I didn't know if it would work.
I'm not 100% sure, but these security updates will refer to the 'stable' versions of the software. The version of most software used in Etch will be higher, and these updates will not be used.
The security updates in SID will be the next available version of the program.
Quote:
and if you are behind a firewall router, do you still install a firewall?
Yes, if you are not alone in the local network. And if you are alone... it depends on how much you trust the manufacturer of the router and on how paranoid you are
Take a look at the directory structure: http://security.debian.org/dists/ You'll notice that both "etch" and "testing" are supported and you can change the "stable/updates" part in your sources.list entry either to "etch/updates" or "testing/updates".
However, after the Sarge release there has been some confusion at security.debian.org and some of the security updates that the "testing security team" has uploaded there have not become available for download. http://www.infodrom.org/~joey/log/
I'm sure they'll fix the problems in the very near future. Security has always been high priority for Debian.
I have also been confused for a while about the issue of security in testing. If one does apt-get update; apt-get upgrade then everything gets updated to the latest package version for one's Debian version anyway, testing in this case, so what's the significance of special security updates? Are they only relevant if one is not doing full updates (and only has a reference to the security update and not the general update in the apt sources list) ?
Depends on what kind of bug it is. If it's a security threat it might be so. But I've never used apt-listbugs and never had much trouble. had to fix some things but that's the fun of it.
If you actually look at what's available for etch on the security site you'll see that it's empty.
AFAIK they don't release security updates for testing, if you run testing you pretty much have to wait for the new version of the package to go into sid and then filter into testing automatically.
Originally posted by Noth AFAIK they don't release security updates for testing, if you run testing you pretty much have to wait for the new version of the package to go into sid and then filter into testing automatically.
Yes, that's what I've always heard.
The 'testing' repos are not for the security minded.
If you are concerned about security you do not run testing. Period. There is no formal security support for testing (never has been).
Quote:
http://www.debian.org/security/faq#testing
Q: How is security handled for testing and unstable?
A: The short answer is: it's not. Testing and unstable are rapidly moving targets and the security team does not have the resources needed to properly support those. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable. However, the security secretaries will try to fix problems in testing and unstable after they are fixed in the stable release.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.