[Server-devel] Debian LTS Clarification & UbuCon @ SCaLE March 1-2 (free)

Adam Holt holt at laptop.org
Mon Feb 20 10:10:12 EST 2017 

On Mon, Feb 20, 2017 at 9:19 AM, Adam Holt <holt at laptop.org> wrote:

> Many thanks James.  Speaking of LTS-like rubber meeting the road, Raspbian
> Pixel isn't exactly Debian but it has suddenly upgraded chromium-browser in
> recent days from Chromium 51 to 56.0.2924.84-0ubuntu0.14.04.1.1000 for
> those who run:
>
>    apt-get update
>    apt-get upgrade
>

For completeness, the above "holds back" installing several packages, often
relating to security restructuring etc.  These can be installed with:

   apt-get dist-upgrade

At your own risk of course.  Those running X Windows(*) can also force
these upgrades by going to the top-left (Raspberry menu) -> Preferences ->
Add / Remove Software -> Options menu -> Check for Updates.

For example pprompt-0.9 was very recently upgraded to pprompt-0.11 (
https://github.com/raspberrypi-ui/pprompt) to better remind Raspbian users
NOT to leave default ssh passwords (like pi / raspberry) open.  Left
unchanged, this is easily used by remote intruders to potentially destroy
your system when it's put online.


(*) LXDE-pi for now, Raspbian may move towards LXQt in future, as LXDE also
moves in that direction.



(To remove all cruft for testing purposes, I happen to also run...)
>
>    apt-get autoclean
>    apt-get autoremove
>
> Amazingly this new Chromium 56 browser cannot load most Google-related web
> sites such as:
>
>    https://google.com
>    https://gmail.com
>    https://youtube.com
>    https://plus.google.com
>    https://hangouts.google.com
>
> Other web sites load normally.  If anybody has suggestions, the error is:
>
>    ERR_SSL_PROTOCOL_ERROR
>
> Looks like Raspbian's QA process overlooked this issue, that will render
> the browser useless for many people.  Everyone makes mistakes.  Raspbian
> forums have not responded to this bug (insofar as I can tell?) so perhaps
> we just need to wait:
>
>    https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=174870
>
> On Sun, Feb 19, 2017 at 11:50 PM, James Cameron <quozl at laptop.org> wrote:
>
>> On Sat, Feb 18, 2017 at 03:58:26PM -0500, Adam Holt wrote:
>> > Thanks to Alex Perez:
>> >
>> > "The Debian project is extending its famous development process to offer
>> > long-term support."
>> > http://www.linux-magazine.com/Issues/2017/194/Debian-LTS
>> >
>> > I'm having trouble understanding if this is really different from
>> > the promises made in very recent years,
>>
>> Which promises are they?  My guess is that you don't actually need to
>> compare promises in detail.
>>
>> > but hopefully experts can clarify how the rubber's increasingly
>> > meeting the road, delivering on these proactive security promises :)
>>
>> Probably you mean "how to use LTS?"
>>
>> 1.  recognise that long-term support is mostly security updates which
>> close vulnerabilities that are detected after release,
>>
>> 2.  set up and test the automated installation of the security updates
>> (using http://security.debian.org/ in sources.list); if network
>> bandwidth for updates is a problem, avoid deploying certain large
>> packages, set large packages to hold using dpkg, switch to using
>> ostree, delta packages, or use other tricks,
>>
>> 3.  make a list of packages for which you need long-term support; such
>> as the list of packages in your product, (sudo dpkg-query -W),
>>
>> 4.  subtract from the list any that the Debian release notes
>> specifically exclude; such as WebKit or VirtualBox; and figure out how
>> to self-support those packages,
>>
>> 5.  the remaining packages are long-term supported; so ensure the
>> debian-security-support package is installed and is configured to
>> inform the user somehow.
>>
>> --
>> James Cameron
>> http://quozl.netrek.org/
>> _______________________________________________
>> Server-devel mailing list
>> Server-devel at lists.laptop.org
>> http://lists.laptop.org/listinfo/server-devel
>>
>> --
>> <http://lists.laptop.org/listinfo/server-devel>
>> <http://lists.laptop.org/listinfo/server-devel>
>> Unsung Heroes of OLPC, interviewed live @
>> <http://lists.laptop.org/listinfo/server-devel>http://unleashkids.org !
>>
>


-- 
Unsung Heroes of OLPC, interviewed live @ http://unleashkids.org !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/server-devel/attachments/20170220/b5dd18c1/attachment-0001.html>

More information about the Server-devel mailing list