DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
IIRC, the main thing to watch out for when using aptitude is that it uses own database for for putting packages on hold instead of the standard dpkg backend used by all(?) the other Debian package managers. So for basic stuff you can use both, but you need to be bit careful if you are doing more complicated things.
IIRC, the main thing to watch out for when using aptitude is that it uses own database for for putting packages on hold instead of the standard dpkg backend used by all(?) the other Debian package managers. So for basic stuff you can use both, but you need to be bit careful if you are doing more complicated things.
Evo2.
And, I may be wrong here, but you can set apt-get and aptitude to treat Recommends in different ways (install by default or not), and they have opposite defaults, if I remember correctly. This too can give some unexpected results. For aptitude, this can be configured easily from within the ncurses interface, btw.
All of this is less critical when aptitude is used interactively, anyway.
I am just sharing my experience. I do not know whether that command work or not.
But I regularly update only those packages for which there is some security issues from debian security advisory (I have subscribed it in my email, so when there is one it is sent in my email, then I check for new ones.).
I have been using Debian Sid for around 6 months, but never my system broke due to only upgrading security fixes.
For upgrade I use
Code:
apt-cache showsrc packagename
for give source 'packagename' from Debian Security Advisory to see all binary 'packages' belonging to 'packagename'.
Then using
Dear Head_on_a_Stick,
Yes you are right that everything is pulled directly from upstream,
But it doesn't mean that if a security hole is found then it is not fixed in Sid.
Only security team doesn't handle that.
Quote:
Not in the same sense that stable does. If the maintainer of a package fixes a security bug and uploads the package, it'll go into sid by the normal means. If the maintainer doesn't do that, then it won't. The security team only covers stable (and possibly testing... there's a pending issue for that case).
Sid users are strongly urged to subscribe to the Debian security announce mailing list. And while you're at it, you should also be on the Debian devel announce list and Debian devel list.
From your ref link,
That's why I have subscribed to "Debian security announce mailing list".
This helps a lot. It lists all packages installed on your system with version number which belongs to package specified in debian security advisory https://www.debian.org/security/#DSAS
So you can manually check with security advisory whether you have older version than specified and upgrade all those packages using
To add another "me too" here -- I run Sid and dist-upgrade every day which tends to mean that if something breaks it only does so for that day. When the developers do things like move the NVIDIA drivers between parts of the repository it does break things and that may not have been noticed had I dist-upgraded a few days later but I'm not entirely convinced it would have gone without a hitch and the large number of updates may have made it harder to track down what happened.
I also get the impression that there are very few security updates to Sid at all as I subscribe to the Debian Security mailing list and the Sid updates don't really match them in the same way that the Stable updates do -- with Sid sometimes they go unpatched for a while and sometimes they were just part of another upgrade a couple of increments ago.
The above is all experience though and not analysis and I certainly don't know enough about things to make any definite statements.
About the same as I do.
I use timeshift t make daily (system) backups, so in case of real trouble I can restore my system in about 10 minutes to an earlier state.
With the same timeshift I create every now and then a "fallback" system on a second partition, to start from if the main system is FUBAR.
I use a third system (on a third partition) for testing upgrades, if I do not trust it on beforehand.
So triple booting...
/home is on another ssd, so timeshift restores are pretty fast. Might be even faster when using BTRFS (but I still use EXT4)
Am I paranoid? Anyone better ideas, or suggestions for improvement?
My profile says MX Linux (Buster). I switched away from that 2 months ago, but I can still revert to that with timeshift.
Will update my profile
Last edited by remmilou; 02-02-2021 at 04:15 AM.
Reason: Addition about profile.
When I ran mixed testing/unstable, I never needed that level of contingency. The main thing is to check the output of apt-listbugs, which you should be using on testing/unstable regardless and triple check before answering "y". But yes, back ups are a good idea.
When I ran mixed testing/unstable, I never needed that level of contingency. The main thing is to check the output of apt-listbugs, which you should be using on testing/unstable regardless and triple check before answering "y". But yes, back ups are a good idea.
Ahh... yes... apt-listbugs. I switched that off for some reason I do not remember. Will switch it on again.
THANKS!!!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.