[Solved] Are this sources.list ok for Debian Stretch?

[efrpcabo]

Hello,

Can somebody please confirm if this sources.list are alright for Debian Stretch (testing)?

deb http://ftp.debian.org/debian/ stretch main contrib non-free
deb-src http://ftp.debian.org/debian/ stretch main contrib non-free

deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free
deb-src http://ftp.debian.org/debian/ stretch-updates main contrib non-free

deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free

I'm moving from Debian Jessie (stable) to Debian Stretch, doing with a completely fresh install.
My concern is related to security.
All things equal, will I have a similar level of security with Stretch, using this sources.list, as I had with Jessie?
I understand that Jessie is the stable branch, so maybe it will be unbeatable. But, I'd like to know your opinion.

[arochester]

Code: Select all

deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free

Security only has main ---not contrib and non-free.

[GarryRicketson]

by efrpcabo » All things equal, will I have a similar level of security with Stretch, using this sources.list, as I had with Jessie?

Not really .
https://www.debian.org/releases/stretch/

Debian “stretch” Release Information

The code name for the next major Debian release after jessie is "stretch".

This release started as a copy of jessie, and is currently in a state called "testing". This means that things should not break as badly as in unstable or experimental distributions, because packages are allowed to enter this distribution only after a certain period of time has passed, and when they don't have any release-critical bugs filed against them.

Please note that security updates for "testing" distribution are not yet managed by the security team. Hence, "testing" does not get security updates in a timely manner. You are encouraged to switch your sources.list entries from testing to jessie for the time being if you need security support. See also the entry in the Security Team's FAQ for the "testing" distribution.

[stevepusser]

That becomes much less of an issue once testing enters the frozen state, which Stretch did some months ago. There won't be upgrades to almost any packages, just updates to the same version that squash bugs.

That sources.list should be correct once Stretch is released, though...is that what the installer is giving you?

[Bulkley]

Security only has main ---not contrib and non-free.

Agreed. Morever, there is no point to keeping contrib and non-free open forever. Non-free will only be used for firmware blips to run proprietary hardware; once done it's done. Contrib will only be used to install a few items but surprisingly less than I used to expect. Most users don't need the deb-src lines.

The one that puzzles me is this:

Code: Select all

deb http://ftp.debian.org/debian/ stretch-updates main

I have simply never understood the point so I run without it and, as far as I can tell, I've never missed it. Correct me if I'm wrong but I don't remember it being recommended back when I started using Debian some time in the last century.

Consequently, my sources.list looks like this:

Code: Select all

deb http://ftp.debian.org/debian/ stretch  main #contrib

deb http://security.debian.org/ stretch/updates main

[efrpcabo]

Thank you all for the replies.
I'm going to remove "contrib and non-free" from security.

I liked to read stevepusser reply that Stretch is now in the frozen fase and it's implications, so I'm going to install it and leave stable Jessie now, although as GarryRicketson said, the level of security will not be similar.

I got surprised with Bulkley reply because I think is really cool having only two lines in sources.list.

By the way, I got the sources.list posted in the OP from this generator: https://debgen.xyz

Regards

[Bulkley]

When you do the upgrade do it slowly and carefully. You will save yourself a lot of headaches.

1. Do a complete backup. Everything. I prefer to clone it all to a spare hard drive, including Grub. (I got the drive by scavenging an old PC.) I have had to use the backup enough times to appreciate its value.

2. Shutdown X and work from a console. The less you have running, the better.

3. Upgrade your Jessie.

Code: Select all

# apt-get update && apt-get upgrade

4. Test it. Then

Code: Select all

# apt-get update && apt-get dist-upgrade

5. Test it. Change sources.list to Stretch. Then

Code: Select all

# apt-get update && apt-get upgrade

6. Test it. Then

Code: Select all

# apt-get update && apt-get dist-upgrade

7. Test it. Then you can add config to your sources.list and, if necessary non-free and upgrade as above. Be sure to # them out afterwards.

This looks to be too fussy. Yes, many get away with changing sources and pushing a button on a GUI. Unfortunately, many don't get away with it and this site is full of posts that start with, I just did an upgrade and now it's not working." I'm old school and find that being fussy up front saves trouble at the back end.

[efrpcabo]

When you do the upgrade do it slowly and carefully. You will save yourself a lot of headaches.
I'm old school and find that being fussy up front saves trouble at the back end.

Thank you for this reply, Bulkley.

I like the way you think. Your clear steps make complete sense to me.

And I believe your procedure is not fussy at all, but the result of reflection and wisdom. It truly is.

Regards

[ruffwoof]

The one that puzzles me is this:

Code: Select all

deb http://ftp.debian.org/debian/ stretch-updates main

I have simply never understood the point so I run without it and, as far as I can tell, I've never missed it. Correct me if I'm wrong but I don't remember it being recommended back when I started using Debian some time in the last century.

Consequently, my sources.list looks like this:

Code: Select all

deb http://ftp.debian.org/debian/ stretch  main #contrib

deb http://security.debian.org/ stretch/updates main

This indicates that stable-updates just gets updates a bit earlier (between point releases rather than at point releases). For many, including you and I, excluding stretch-updates (or in my case jessie-updates) is OK. Like you I also exclude the src (sources) as I don't compile anything myself.

[ruffwoof]

When you do the upgrade do it slowly and carefully. You will save yourself a lot of headaches.

1. Do a complete backup. Everything. I prefer to clone it all to a spare hard drive, including Grub. (I got the drive by scavenging an old PC.) I have had to use the backup enough times to appreciate its value.

I use a data (my files/folders) concentric approach rather than system (Debian) concentric. So I boot mostly using live-boot with /home as being persistent (so all diary, browser, user configuration ...etc changes are preserved), whilst the core system remains the same for every reboot. Which reduces the installation down to three primary files, initrd, vmlinuz and a squashed filesystem (filesystem.squashfs) containing all of the system files.

Which makes system backups a breeze, just three files to copy.

For me, accessing my system and data files is primary. I don't really care which system I use to do that and can swap systems easily using the above approach (less than a minute to swap systems). Multi-boot type style ... that Windoze strives to lock user out of. With multi-boot its also easier to reboot another way if the primary boot choice for one reason or another fails to work.

I have built up quite a library of different system boot choices, but Debian Jessie is my day-to-day primary choice.

Does mean that updates aren't as simple. I for instance have to reboot using another 'admin' type system and then unsquash all of the filesystem.squashfs to the / folder ... and then boot that as though a full install, apply the updates, and then reboot back into the admin system and reform a new/updated filesystem.squashfs. I do however like having a primary core filesystem.squashfs that is factory fresh at each reboot (boots the exact same every time).

Debian Jessie is the exception in that it can have both the boot and persistent areas in the same single partition. If you use a swap file rather than a swap partition, the same partition can also be the swap area. Personally I don't bother with swap despite running on a 10+ year old 2GB 4 core desktop setup as the stuff I do doesn't get to needing swap (all tends to fit/run in memory OK). A benefit of using a filesystem.squashfs (which is compressed) is that the amount of IO is around half that of uncompressed, so disk IO is much quicker. And as changes other than under /home are being written to memory rather than disk, writes are a lot quicker also. Makes even a old PC run really quick. systemd-analyze for instance shows a 17 second boot time on this old clunker. Shutdown takes just a second or two.

I have run a quick test of upgrading to Stretch and other than a move from aufs to overlayfs everything worked fine (I did have to install aufs-dkms and boot with a additional union=aufs kernel boot parameter). I did that upgrade using the 'easy' approach, only testing after it had completed (before reverting back to jessie again using the simple/quick few file copying).

As my hardware works fine with Jessie my intent is to stay with that until its 2020 end of life/support date ... unless the need for newer hardware depicts otherwise. All the programs I use within that work well enough for my needs so I have no personal need for dist-upgrading at present. When Stretch is released however I will have a look at its live-boot. Never know, - once in my library of boot choices it could naturally evolve to be my primary preferred boot choice

Bottom line, make sure you have good backups and test that they do indeed restore correctly (I have in the past seen cases of good backup policy/practice, but where when shove came to crunch the backups didn't restore/work). Also data backs are more important than system backups. System software is relatively easily replaced, data files are irreplaceable/invaluable.

[efrpcabo]

Your reply made me think, Ruffwoof.

In fact, I'll have much to digest.

It's true that most of my programs configurations are in my home folder, but running a system like you do is something that I have never thought of.

I like the multi-boot option, but I'm still thinking about all the implications it has with different distros, program versions, and home config files.
At least, for me, as I use much personalization.

As for system backups, I've recently an automated approach and I make two backups:
1 - one for data
2 - one for the system which you can see it described here in this ubuntuforum post I created there: https://ubuntuforums.org/showthread.php?t=2360974

Regards

[dasein]

I liked to read stevepusser reply that Stretch is now in the frozen fase and it's implications, so I'm going to install it and leave stable Jessie now, although as GarryRicketson said, the level of security will not be similar.

Then you didn't fully appreciate the implications of steve's answer. Security in Stretch is not something you need to worry about right now.

The Wiki page quoted by GarryR is correct most of the time--but not during the freeze. Have a look here: http://forums.debian.net/viewtopic.php? ... 85#p642644

By the way, I got the sources.list posted in the OP from this generator: https://debgen.xyz

That tool is at best unreliable. Learning what you need to learn to master software sources is just not that hard. Suck it up and do the necessary reading: https://wiki.debian.org/SourcesList

[efrpcabo]

Security in Stretch is not something you need to worry about right now.

[...]

The Wiki page quoted by GarryR is correct most of the time--but not during the freeze. Have a look here: http://forums.debian.net/viewtopic.php? ... 85#p642644

Thanks, dasein! I really missed the full implications; that link was very helpful in understanding moving to Strectch (or other Testing in other time periods) during the different fases.

Learning what you need to learn to master software sources is just not that hard. Suck it up and do the necessary reading: https://wiki.debian.org/SourcesList

You're right! It's not that hard, after reading the link: the info is clear and makes perfect sense.
Now I understand sources.list better. Thanks again!