Page 1 of 2

Long time without get any update

Posted: Mon Oct 29, 2012 6:18 am
by elemenophee
Hi there!

For two weeks more or less I haven't received any update of LMDE.

Quite weird being a rolling release distribution.. So what is wrong? Are you getting updates? When I had Debian Testing I had mostly everyday an update.

My source.list is:
deb http://packages.linuxmint.com/ debian main upstream import backport
deb http://debian.linuxmint.com/latest testing main contrib non-free
deb http://debian.linuxmint.com/latest/security testing/updates main contrib non-free
deb http://debian.linuxmint.com/latest/multimedia testing main non-free

Re: Long time without get any update

Posted: Mon Oct 29, 2012 6:28 am
by xenopeek
LMDE gets upgrades through update packs, which are a collection of upgrades from the Debian testing repository--from which packages that were found by the LMDE testers to cause problems have been held back. Update pack 6 (UP6) will be released before end of the year. To get more information about how LMDE works see the FAQ: http://forums.linuxmint.com/viewtopic.php?f=197&t=91405

Also note that Debian testing is currently in freeze, to prepare for Debian 7.0 release.

Re: Long time without get any update

Posted: Wed Oct 31, 2012 12:01 pm
by ddurdle
So are the latest and incoming both have the same packages? or is incoming still newer?

Re: Long time without get any update

Posted: Wed Oct 31, 2012 1:41 pm
by xenopeek
Incoming is newer; it gets upgrades earlier (so you can help ensure the upgrades go fine).

Re: Long time without get any update

Posted: Sun Nov 25, 2012 3:54 pm
by elemenophee
I'm still thinking about this. I haven't gotten any update yet. I guess I have the UP5, how can I check this?

Isn't a bit insecure this way of upgrade? For example: Imagine that suddenly someone discovers a 0day in VLC. VLC team fix it and develops a new version. If I don't read about this, my PC will be compromised until the next UP be ready, because if I don't read about the exploit I won't download any new version from VLC site.

Re: Long time without get any update

Posted: Sun Nov 25, 2012 4:25 pm
by zerozero
we are elaborating in a non-existing possibility :D anyway ...
rest assured that if a serious vulnerability is discovered the team has the tools to push a point update to fix the problem.

but this doesn't answer the general question: if you are extremely conscious about security additionally to the lmde faq already linked you should also read this >> http://www.debian.org/security/faq#handling

Re: Long time without get any update

Posted: Tue Nov 27, 2012 4:18 pm
by ddurdle
xenopeek wrote:Incoming is newer; it gets upgrades earlier (so you can help ensure the upgrades go fine).
I don't think you understood my question. I asked if it was still newer, as in, now that UP5 was pushed through as latest.

I answered my own question today. I pointed my install to "incoming" from "latest" and did an update. There are no new packages to update/install from "incoming" that was not in "latest".

I guess no pre-UP6 stuff to test.

Re: Long time without get any update

Posted: Tue Nov 27, 2012 7:05 pm
by zerozero
ddurdle wrote:So are the latest and incoming both have the same packages? or is incoming still newer?
for the most part of the time incoming and latest are exactly identical; then one day "update pack to come" hits incoming and stays there for days/weeks depending on the time required to squash bugs/collect information in order to make the transition to latest the safest possible; when the team considers this process solid, the UPx migrates to latest and both are again identical until the process starts again.

Re: Long time without get any update

Posted: Tue Dec 04, 2012 6:45 am
by petrusminos
As windows mister,
- rolling update for some vulnerabilities
- UP as Service Packs with a big bag of patchs.

But I'm like Elemenophee in the first,
I was thinking about an everyday's update, and not some big packs like Ubuntu (with the 6 months's upgrade) causing (sometimes) some system failures after the big upgrade.

Re: Long time without get any update

Posted: Tue Dec 04, 2012 6:41 pm
by elemenophee
After a month and a half without updates (only Chrome has been updating) you really should consider "sell" LMDE with other slogan.

This version isn't rolling release at all. It's a nice version, but no a rolling release one.

As petrusminos said, this is most likely to a normal version of Ubuntu based Mint.

Sent through Tapatalk

Re: Long time without get any update

Posted: Tue Dec 04, 2012 6:59 pm
by xenopeek
elemenophee wrote:As petrusminos said, this is most likely to a normal version of Ubuntu based Mint.
Nope; on LMDE you don't need to reinstall to get a new release as you do with the Linux Mint Main Edition. And the ongoing freeze of Debian testing (since June) as part of the Debian 7 release is making it less relevant that there are fewer UPs this year, as only select upgrades get pushed from unstable to testing (and hence to LMDE). There is no automatic migration from unstable to testing during the freeze (normally there is), only manual migration for fixing of release bugs.

I think the LMDE FAQ pretty much details that LMDE is a rolling release with packaged upgrades, which are tested together before they are pushed to all users. Aim is to decrease the number of upgrade problems and increase stability, while still offering the "install once" benefit of rolling releases.

Anyway, you may have some predefined ideas about what a "rolling release" should be. LMDE is indeed a pseudo-rolling release as you don't get upgrades from Debian testing the minute they are available on Debian testing. But if you wanted that, you would be using Debian testing I'd assume.

Re: Long time without get any update

Posted: Wed Dec 05, 2012 2:49 am
by sobrus
Technically LMDE is a rolling release. It's just rolling at much slower rate, to give better stability.
You can consider it as something in-between traditional rolling and normal distro.

And I wonder why everybody considers it a disadvantage. I don't really want to install 300MB of useless stuff daily on my write-limited SSD, nor search for new bugs every week.
Just to have something 1.5.3 instead of 1.5.2, If I really want 1.5.3 - I can always do apt-pinning for sid.

Re: Long time without get any update

Posted: Wed Dec 05, 2012 5:10 am
by elemenophee
The only part that make sense for me is the frozen repositories. We'll see after Wheezy release how often are the updates.

When I used Ubuntu I never upgrade a version, but if I'm not mistaken, you could upgrade to the next version from update manager. So like the bigs UPs you do with LMDE.

I'm not talking about daily updates, but for example weekly or two weeks updates. On this way less changes are made and hence, less chances to screw up the system.

Sent through Tapatalk

Re: Long time without get any update

Posted: Wed Dec 05, 2012 7:38 am
by killer de bug
A recent study among Ubuntu's users has proven that 25% of the upgrades (made without reinstallation) fail and the only way to repair is a... reinstallation.
Ubuntu is currently working on the upgrade process because it's absolutely not safe.

With Mint Debian it's working nicely... So UP are probably the best for safety. I do not want to upgrade every week. Too much time lost, too risky too. Maybe every 1 month or 2 months would be great. But not weekly. Definitely ! :wink:

Re: Long time without get any update

Posted: Wed Dec 05, 2012 7:40 am
by totviu
My opinion is that LMDE is a great idea, but it has not been develolped properly. I mean the original idea when the latest repo was released was to provide the LMDE users with Update packages every month, this would have been great if the users had got security updates as soon as Debian testing publishes them. At first the reality was that it took the LMDE users one month (when the UP was released) to get a security patch for any bug that might be found during the month, it was not the best security policy but it was acceptable. However, during the last year the LMDE users only get update packages every 3-4 months, and does not get any security patch during all this time, that is why I think that is really risky to use LMDE.

Of course it is very stable (if you don't get any update, you can't break anything) but it is insecure. In fact I don't think there is another distro in the Linux world that only gets security or any other kind of updates every 3 or 4 months, so I would never define LMDE as a semi rolling release, (regardless what wikipedia says about rolling distros).

BTW, I am pure Debian testing user, and despite the fact Testing is frozen at the moment, I get bug patches and security updates several times a week.


Having said that, I must admit that despite the fact that the Linux Mint team have limited resources, they are doing a great job and they do it without charging a pen to their users, and that is why I will always be thankful and I will give them a good piece of advice: If they can`t handle so many editions at the same time, they should focus on one.

Re: Long time without get any update

Posted: Wed Dec 05, 2012 8:33 am
by xenopeek
totviu wrote:if the users had got security updates as soon as Debian testing publishes them
Just clarifying that you do not get any security updates in Debian testing. Outside of the freeze period packages in testing are migrated from unstable by an automatic process (if it is determined that the version from unstable has less release critical bugs than the version in stable).

The Debian security team only manages Debian stable.

For more information about what exactly Debian testing is, see here: http://www.debian.org/devel/testing

Edit: I can recommend the (free online/download, or for purchase as book) Debian Administrator's Handbook for understanding more about the Debian distribution and its repositories. See here: http://debian-handbook.info/. Especially chapter 1.5 detailing the lifecycle of a release is very helpful: http://debian-handbook.info/browse/stab ... cycle.html

Re: Long time without get any update

Posted: Wed Dec 05, 2012 8:56 am
by sobrus
killer de bug wrote:A recent study among Ubuntu's users has proven that 25% of the upgrades (made without reinstallation) fail and the only way to repair is a... reinstallation.
Ubuntu is currently working on the upgrade process because it's absolutely not safe.
This is exactly what I've encountered with openSUSE Tumbleweed (which is nice system btw and partially rolling too).
11.4->12.1 failed on both my machines, both quite different (Intel Quad with HD5670 and Via C3 thin client).

And security... well LMDE ain't security oriented distro, but Linux is quite secure out of the box.
Home users really don't need fort knox, especially since most machines are already behind a router with no forwarded ports, and linux malware is scarce.
Having newest software won't help much if router and machine aren't properly configured (ie disable root login for ssh, limit allowed IPs for samba etc). This is what should be done in the first place*.
For laptops and wifi, just remember to enable firewall and hacking it will be whole lot more troubling. I can't imagine anyone using unknown wireless network without firewall enabled.

As LMDE isn't that much outdated - I wouldn't worry much too. This is not Windows XP with 10yr old kernel and tons of malware waiting for security hole (and even such system can be quite safe if set up correctly).

*and this is what I don't want to do and test every 6 months

Re: Long time without get any update

Posted: Wed Dec 05, 2012 9:24 am
by petrusminos
For me, my idea about rolling update was easy to understand, system is always updated day after day, month after month, each software is updated when it's needed...
The fact there are UP makes me surprised. UP is in my head like a Service Pack 1-2-3 for Windows XP for example. Then some bigs updates/upgrade on 1 time, that can make a lot of mess in the system during 1 update/upgrade with 1 UP.

I'm ok stability is nice, security too.

For me, I think it's easiest to update when there's an update available about a software: you can know it's apache2-common you updated is causing troubles... In a big UP, you don't really know what can be the problem.
I'm not dev, just a end-user :p

I saw Sobrus writing:
I don't really want to install 300MB of useless stuff daily on my write-limited SSD
I think 2 little updates by week = 1 big UP sometimes to decompress/uninstall old version/install new/clean temp
Ok, the 3 updates for apache2 will result in 1 on an UP... But I'm not sure today's good SSD a so little lifetime ;)

Re: Long time without get any update

Posted: Wed Dec 05, 2012 9:36 am
by sobrus
This was probably discussed to death already, and in result - nobody (yet) came across idea better than update packs.
Other than having update packs, but released more frequently, of course.
I agree with you smaller updates are easier to install. Initially, update packs were meant to be released monthly.

This problably can/will be done, but requires more work and more manpower for LMDE team.

For true rolling distro you can follow debian testing, or even sid - there is no problem with it - but sooner or later you will run into trouble (unless you carefully read and check, what are you updating).

Re: Long time without get any update

Posted: Wed Dec 05, 2012 10:19 am
by rop75
xenopeek wrote:
totviu wrote:if the users had got security updates as soon as Debian testing publishes them
Just clarifying that you do not get any security updates in Debian testing.

The Debian security team only manages Debian stable.
Are you sure?. You should read these two links:

http://www.debian.org/security/faq.en.html#testing
http://secure-testing-master.debian.net/