Adding Debian security repos to LMDE sources

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help

Adding Debian security repos to LMDE sources

Postby jimk4003 on Thu Jan 10, 2013 2:38 pm

Hi All,

I have recently converted to LMDE from Ubuntu 12.10 and 12.04 before that, and must say I'm enjoying the LMDE experience so far. I do have one query regarding how LMDE/ Debian in general handles security updates. Apologies if this is a noob question, I have read around the forums a bit and can't quite find the answer to my query.

I understand that LMDE organises the rolling release Debian testing branch into Update Packs which are then periodically released. The main benefit of this being, as I understand, that any potential bugs/ breakages from the Debian testing branch can be ironed out before being pushed out to unsuspecting people like myself. Conversely, I understand that a downside to this approach is that security updates can be slower reaching LMDE than they are reaching the pure Squeeze/ Wheezy branches.

My question, or rather questions, are as follows.

1) Can we get around the delay in LMDE security updates by adding the standard Debian security repo to the sources list, or is this a recipe for conflicts?
2) If we can, is it best to add the squeeze security repo "deb http://security.debian.org/ squeeze/updates main contrib non-free", or the wheezy security repo "deb http://security.debian.org/ wheezy/updates main contrib non-free"
3) Is there any merit in adding both repos? As I understand it the Debian Security team primarily provides support for Debian Stable, and then for Debian testing (http://www.debian.org/security/faq#testing). Are there therefore likely to be security patches in stable that have not been added in testing, or have a read this all wrong?
4) Taking answers to the above into account (sorry, I'm getting there, I promise) am I likely to encounter issues with a sources list that currently looks like this:

deb http://mirror.tuxis.nl/packages/ debian main upstream import
deb http://www.mirrorservice.org/sites/debi ... ian/latest testing main contrib non-free
deb http://www.mirrorservice.org/sites/debi ... t/security testing/updates main contrib non-free
deb http://www.mirrorservice.org/sites/debi ... multimedia testing main non-free

deb http://ftp.us.debian.org/debian testing main contrib non-free
deb-src http://ftp.us.debian.org/debian testing main contrib non-free
deb http://repository.spotify.com stable non-free
deb-src http://repository.spotify.com stable non-free
deb http://security.debian.org squeeze/updates main contrib non-free
deb-src http://security.debian.org squeeze/updates main contrib non-free
deb http://security.debian.org wheezy/updates main contrib non-free
deb-src http://security.debian.org wheezy/updates main contrib non-free

Apologies for the long-winded first post, any guidance would be appreciated.

Many thanks,

Jim
jimk4003
Level 1
Level 1
 
Posts: 4
Joined: Thu Jan 10, 2013 2:14 pm

Linux Mint is funded by ads and donations.
 

Re: Adding Debian security repos to LMDE sources

Postby zerozero on Thu Jan 10, 2013 4:54 pm

hi :) welcome to the forums

the way you're planning to do it is a recipe to disaster; you either stay in the update-packs flow (latest or incoming, one or the other, the one that suits you better) or you go all the way to testing (or sid); playing in-betweens as you are thinking is a no-go.

regarding the main issue (security) i think you should start here http://forums.linuxmint.com/viewtopic.php?f=197&t=91405 (S2 -Q1)
from there to here http://forum.linuxmint.com/viewtopic.php?f=198&t=98260&start=0
and then here http://forum.linuxmint.com/viewtopic.php?f=186&t=84894&start=0#p491421
and from there finally here http://forums.linuxmint.com/viewtopic.php?f=190&t=82844&hilit=+security

feel free to ask.
Image

[ bliss of ignorance ]
zerozero
Level 16
Level 16
 
Posts: 6492
Joined: Tue Jul 07, 2009 2:29 pm

Re: Adding Debian security repos to LMDE sources

Postby jimk4003 on Thu Jan 10, 2013 8:25 pm

Thanks zerozero,

That's a great help. Looks like you helped me dodge a banana skin there!
jimk4003
Level 1
Level 1
 
Posts: 4
Joined: Thu Jan 10, 2013 2:14 pm

Re: Adding Debian security repos to LMDE sources

Postby cwwgateway on Thu Jan 10, 2013 11:21 pm

zerozero is very right, and I believe that when UPs were originally introduced, they still used the Security and Multimedia Repos, but they caused problems (I'm not completely sure though, as that was before my time with LMDE :) ). I believe that the LM team would update any packages that have significant problems, but overall the UPs are behind on security. Personally, I find that stable gets updates basically ASAP, and Debian is very good at patching all of that stuff. While Testing has a security repo and sid doesn't, it's my understanding that security updates enter sid before testing in most cases and the updates follow the standard migration requirements (10 days old, no release critical bugs, etc). However, I think that if there are significant vulnerabilities, the Debian security team will "skip" this process and move them directly into the security repo.

You can usually apt pin packages from newer releases if absolutely necessary (but only if absolutely necessary), although I'm very guilty of breaking this guideline :lol: . I pin AWN and compiz from Sid and iceweasel and icedove from experimental on my testing installs and use a few too many backports on my stable installs. For certain packages it will work out, but probably not to the extent I do it, although iceweasel 18 works great on Debian while firefox 18 for windows is broken :lol: . I can't open it any more after the update on Windows, so I feel somewhat better about pulling important packages from experimental. Anyways, the point is that in specific cases where you're willing to risk breakages and it is absolutely critical that you have the version in some other release, you can use apt pinning to install it.
Dell XPS 15 l502x - Debian Testing 64-bit NetInst Xfce, SolydX 64-bit Debian Testing, SolydK 64-bit SolydXK Testing
Old Gateway Pentium 4 Desktop - Arch Linux 64-bit Xfce and SolydX 32-bit Sid
cwwgateway
Level 5
Level 5
 
Posts: 839
Joined: Fri Nov 11, 2011 10:44 pm


Return to Newbie Questions

Who is online

Users browsing this forum: No registered users and 1 guest