installing a testing package emacs25 corrupts at totally

If none of the more specific forums is the right place to ask

Re: installing a testing package emacs25 corrupts at totally

Postby MagicPoulp » 2018-11-16 11:46

The package one builds from source could require a security update. One will have to track those. The backports have a mailing list. But if one builds a source package, it is not simple to track the security updates. When mixing stable and testing, one can get the security fixes via apt-get dist-upgrade without having to track anything. But I totally agree that it is dangerous since stable and testing should not be mixed and if one does there is a huge risk of breaking stability.

I am not completely sure, but I don't think there is a repository for backports security updates.

testing has this source repo:
deb http://deb.debian.org/debian-security testing/updates main
MagicPoulp
 
Posts: 49
Joined: 2018-11-05 21:30

Re: installing a testing package emacs25 corrupts at totally

Postby None1975 » 2018-11-16 15:15

MagicPoulp wrote:I am not completely sure, but I don't think there is a repository for backports security updates.

According Debian Backports FAQ:
Q: Is there security support for packages from backports.debian.org?
A: Unfortunately not. This is done on a best effort basis by the people who track the package, usually the ones who originally did upload the package into backports. When security related bugs are fixed in Debian unstable the backporter is permitted to upload the package from directly there instead of having to wait until the fix hits testing. You can see the open issues for jessie-backports in the security tracker (though there may be false positives too, the version compare isn't perfect yet)
User avatar
None1975
 
Posts: 703
Joined: 2015-11-29 18:23
Location: Lithuania, Vilnius

Re: installing a testing package emacs25 corrupts at totally

Postby sunrat » 2018-11-19 02:52

MagicPoulp wrote:testing has this source repo:
deb http://deb.debian.org/debian-security testing/updates main


You will not find any packages in there. I think it's just set up so there's a place for updates when buster becomes stable.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
User avatar
sunrat
 
Posts: 2495
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: installing a testing package emacs25 corrupts at totally

Postby Head_on_a_Stick » 2018-11-19 06:13

MagicPoulp wrote:if one builds a source package, it is not simple to track the security updates.

Follow the upstream github page, perhaps? That's what I do :D
dbruce wrote:Ubuntu forums try to be like a coffee shop in Seattle. Debian forums strive for the charm and ambience of a skinhead bar in Bacau. We intend to keep it that way.
User avatar
Head_on_a_Stick
 
Posts: 8324
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: installing a testing package emacs25 corrupts at totally

Postby MagicPoulp » 2018-11-19 12:40

sunrat wrote:
MagicPoulp wrote:testing has this source repo:
deb http://deb.debian.org/debian-security testing/updates main


You will not find any packages in there. I think it's just set up so there's a place for updates when buster becomes stable.


Anyways, security updates will be present in the main repository.

I found in the documentation that debian testing is lagging in security updates behind unstable, and that only stable can be relied on for security. Besides, even if testing has security updates that backports don't have, it does not give a guarantee. And mailing lists with backports may be more reliable than updates that are planned in testing.

https://www.debian.org/security/faq#testing

That gives me one more reason for not installing the total debian testing or debian unstable, and prefering a franken-debian mix. Because stable has more guarantee for stability and security updates.
MagicPoulp
 
Posts: 49
Joined: 2018-11-05 21:30

Re: installing a testing package emacs25 corrupts at totally

Postby MagicPoulp » 2018-11-19 12:53

Head_on_a_Stick wrote:
MagicPoulp wrote:if one builds a source package, it is not simple to track the security updates.

Follow the upstream github page, perhaps? That's what I do :D


I don't know since I almost never used backports. But it seems to me that backports work with mailing lists one registers to for bugs and alerts, and those lists are managed in a best effort by the creator of the backport. My point is that with using testing/unstable one can forget about it and get the updates via apt-get.

In summary, using backports is mentioned in the official way of mixing stable with newer packages because it maintains stability. But using unstable directly might be more secure and more up-to-date. But yes it can break the system or what I call "the installation". Usually it does not break with 1 or 2 packages installed including dependencies. One can control what one installs. When I mentionned in the post opening the package emacs-goodies-el that broke my ssytem, there was 500MB with as many as 40 packages that were installed.

People don't like the idea of having an install that can break any time. It is fine. One just needs to back up precious data or to run experiments in a virtual machine.
MagicPoulp
 
Posts: 49
Joined: 2018-11-05 21:30

Re: installing a testing package emacs25 corrupts at totally

Postby Head_on_a_Stick » 2018-11-19 19:21

MagicPoulp wrote:[it seems to me that backports work with mailing lists one registers to for bugs and alerts

No, backports are drawn from testing, usually quite quickly but it varies. This means they get delayed updates from upstream.
dbruce wrote:Ubuntu forums try to be like a coffee shop in Seattle. Debian forums strive for the charm and ambience of a skinhead bar in Bacau. We intend to keep it that way.
User avatar
Head_on_a_Stick
 
Posts: 8324
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: installing a testing package emacs25 corrupts at totally

Postby debiman » 2018-11-20 18:13

MagicPoulp wrote:That gives me one more reason for not installing the total debian testing or debian unstable, and prefering a franken-debian mix. Because stable has more guarantee for stability and security updates.

i will hold you to that when you start posting desperate help requests.
:D
User avatar
debiman
 
Posts: 3064
Joined: 2013-03-12 07:18

Re: installing a testing package emacs25 corrupts at totally

Postby MagicPoulp » 2018-11-21 14:30

debiman wrote:
MagicPoulp wrote:That gives me one more reason for not installing the total debian testing or debian unstable, and prefering a franken-debian mix. Because stable has more guarantee for stability and security updates.

i will hold you to that when you start posting desperate help requests.
:D


You need to think in a more concrete way. There are actual facts that make a scenario useful.
1 - Debian stable with one extra package from testing (ruby-all)
2 - debian testing
3 - debian unstable

And the scenario 1 is obviously more stable and with security support than the others. But this is not true in general. No need to be ironic because in general it is wrong to mix.
MagicPoulp
 
Posts: 49
Joined: 2018-11-05 21:30

Previous

Return to General Questions

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable