<div dir="ltr">On Mon, Feb 20, 2017 at 9:19 AM, Adam Holt <span dir="ltr"><<a href="mailto:holt@laptop.org" target="_blank">holt@laptop.org</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div>Many thanks James. Speaking of LTS-like rubber meeting the road, Raspbian Pixel isn't exactly Debian but it has suddenly upgraded chromium-browser in recent days from Chromium 51 to 56.0.2924.84-0ubuntu0.14.04.1.<wbr>1000 for those who run:<br></div><br></div> apt-get update<br></div> apt-get upgrade<br></div></div></div></div></div></div></blockquote><div><br></div><div>For completeness, the above "holds back" installing several packages, often relating to security restructuring etc. These can be installed with:<br><br> apt-get dist-upgrade<br><br>At your own risk of course. Those running X Windows(*) can also force these upgrades by going to the top-left (Raspberry menu) -> Preferences -> Add / Remove Software -> Options menu -> Check for Updates.<br><br></div><div>For example pprompt-0.9 was very recently upgraded to pprompt-0.11 (<a href="https://github.com/raspberrypi-ui/pprompt">https://github.com/raspberrypi-ui/pprompt</a>) to better remind Raspbian users NOT to leave default ssh passwords (like pi / raspberry) open. Left unchanged, this is easily used by remote intruders to potentially destroy your system when it's put online.<br></div><div><br><br>(*) LXDE-pi for now, Raspbian may move towards LXQt in future, as LXDE also moves in that direction.<br><br><br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div><div>(To remove all cruft for testing purposes, I happen to also run...)<br></div><div><br></div> apt-get autoclean<br></div> apt-get autoremove<br><br></div>Amazingly this new Chromium 56 browser cannot load most Google-related web sites such as:<br><br> <a href="https://google.com" target="_blank">https://google.com</a><br> <a href="https://gmail.com" target="_blank">https://gmail.com</a><br></div><div> <a href="https://youtube.com" target="_blank">https://youtube.com</a><br></div><div> <a href="https://plus.google.com" target="_blank">https://plus.google.com</a><br></div><div> <a href="https://hangouts.google.com" target="_blank">https://hangouts.google.com</a><br></div><div><br>Other web sites load normally. If anybody has suggestions, the error is:<br><br></div> ERR_SSL_PROTOCOL_ERROR<br><br></div>Looks like Raspbian's QA process overlooked this issue, that will render the browser useless for many people. Everyone makes mistakes. Raspbian forums have not responded to this bug (insofar as I can tell?) so perhaps we just need to wait:<br><br> <a href="https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=174870" target="_blank">https://www.raspberrypi.org/<wbr>forums/viewtopic.php?f=63&t=<wbr>174870</a><br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="gmail-h5">On Sun, Feb 19, 2017 at 11:50 PM, James Cameron <span dir="ltr"><<a href="mailto:quozl@laptop.org" target="_blank">quozl@laptop.org</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="gmail-h5"><span>On Sat, Feb 18, 2017 at 03:58:26PM -0500, Adam Holt wrote:<br>
> Thanks to Alex Perez:<br>
><br>
> "The Debian project is extending its famous development process to offer<br>
> long-term support."<br>
> <a href="http://www.linux-magazine.com/Issues/2017/194/Debian-LTS" rel="noreferrer" target="_blank">http://www.linux-magazine.com/<wbr>Issues/2017/194/Debian-LTS</a><br>
><br>
> I'm having trouble understanding if this is really different from<br>
> the promises made in very recent years,<br>
<br>
</span>Which promises are they? My guess is that you don't actually need to<br>
compare promises in detail.<br>
<span><br>
> but hopefully experts can clarify how the rubber's increasingly<br>
> meeting the road, delivering on these proactive security promises :)<br>
<br>
</span>Probably you mean "how to use LTS?"<br>
<br>
1. recognise that long-term support is mostly security updates which<br>
close vulnerabilities that are detected after release,<br>
<br>
2. set up and test the automated installation of the security updates<br>
(using <a href="http://security.debian.org/" rel="noreferrer" target="_blank">http://security.debian.org/</a> in sources.list); if network<br>
bandwidth for updates is a problem, avoid deploying certain large<br>
packages, set large packages to hold using dpkg, switch to using<br>
ostree, delta packages, or use other tricks,<br>
<br>
3. make a list of packages for which you need long-term support; such<br>
as the list of packages in your product, (sudo dpkg-query -W),<br>
<br>
4. subtract from the list any that the Debian release notes<br>
specifically exclude; such as WebKit or VirtualBox; and figure out how<br>
to self-support those packages,<br>
<br>
5. the remaining packages are long-term supported; so ensure the<br>
debian-security-support package is installed and is configured to<br>
inform the user somehow.<br>
</div></div><span class="gmail-m_-2464176546576135186HOEnZb"><font color="#888888"><div><div class="gmail-h5"><br>
--<br>
James Cameron<br>
<a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
______________________________<wbr>_________________<br>
Server-devel mailing list<br>
<a href="mailto:Server-devel@lists.laptop.org" target="_blank">Server-devel@lists.laptop.org</a><br>
</div></div><a href="http://lists.laptop.org/listinfo/server-devel" rel="noreferrer" target="_blank">http://lists.laptop.org/listin<wbr>fo/server-devel<span class="gmail-HOEnZb"><font color="#888888"><br clear="all"><br>-- <br></font></span></a><font color="#888888"><div class="gmail-m_-2464176546576135186gmail_signature"><a href="http://lists.laptop.org/listinfo/server-devel" rel="noreferrer" target="_blank"></a><div dir="ltr"><a href="http://lists.laptop.org/listinfo/server-devel" rel="noreferrer" target="_blank">Unsung Heroes of OLPC, interviewed live @ </a><a href="http://unleashkids.org" target="_blank">http://unleashkids.org</a> !</div></div>
</font></font></span></blockquote></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">Unsung Heroes of OLPC, interviewed live @ <a href="http://unleashkids.org" target="_blank">http://unleashkids.org</a> !</div></div>
</div></div>