Posted on 2010-4-19 12:22:31
http://www.debian.org/security/
http://www.debian.org/security/faq
Q: How is security handled for unstable?
A: The short answer is: it's not. Unstable is a rapidly moving target and the security team does not have the resources needed to properly support it. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable.
Q: How is security handled for testing?
A: If you want to have a secure (and stable) server you are strongly encouraged to stay with stable. However, there is security support for testing: The Debian testing security team handles issues for testing. They will make sure that the fixed packages enter testing in the usual way by migration from unstable (with reduced quarantine time), or, if that still takes too long, make them available via the normal http://security.debian.org infrastructure. To use it, make sure the following line is in /etc/apt/sources.list:
deb http://security.debian.org testing/updates main
and run apt-get update && apt-get upgrade as usual.
Note that this doesn't guarantee that all known security bugs are fixed in testing! Some updated packages might be waiting for transition to testing. More information about the security infrastructure for testing can be found at http://secure-testing-master.debian.net/.
Q: How is security handled for contrib and non-free?
A: The short answer is: it's not. Contrib and non-free aren't official parts of the Debian Distribution and are not released, and thus not supported by the security team. Some non-free packages are distributed without source or without a license allowing the distribution of modified versions. In those cases no security fixes can be made at all. If it is possible to fix the problem, and the package maintainer or someone else provides correct updated packages, then the security team will generally process them and release an advisory.
=> http://secure-testing-master.debian.net/
Security support for testing
The team is providing security support for Debian's testing branch by
* writing patches and doing NMUs to unstable as necessary
* tracking the fixed packages and working with the Debian Release Managers to make sure fixes reach testing quickly
* if this process is too slow, providing fixed packages built against testing in the testing-security apt repository:
deb http://security.debian.org squeeze/updates main contrib non-free
deb-src http://security.debian.org squeeze/updates main contrib non-free
However, the majority of security fixes reach testing by migration from unstable.
Note that in order to take advantage of the security support for testing, you must update your system on a regular basis.
Limitations
For several reasons, the security support for testing cannot be expected to be of the same quality as for Debian's stable branch:
* Updates for testing-security usually receive less testing than updates for stable-security.
* Testing is changing all the time which increases the likelihood of problems with the build infrastructure. Such problems can delay security updates in testing.
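An added example, not part of the original post or of Debian's documentation: a small Python check that a sources.list really carries an active binary security line for the release names quoted above. The function names and the sample file are constructed for illustration, and the code assumes the one-line "deb ..." format with the <release>/updates suite naming shown in the post.

```python
from urllib.parse import urlparse

SECURITY_HOST = "security.debian.org"  # host used in the lines quoted in the post

def parse_sources(text):
    """Parse one-line-style sources.list text; skip comments and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, including disabled lines
        if not line:
            continue
        fields = line.split()
        if fields[0] not in ("deb", "deb-src"):
            continue
        rest = fields[1:]
        if rest and rest[0].startswith("["):  # optional "[ arch=... ]" block
            while rest and not rest[0].endswith("]"):
                rest = rest[1:]
            rest = rest[1:]
        if len(rest) < 2:
            continue  # need at least a URI and a suite
        entries.append({"type": fields[0], "uri": rest[0],
                        "suite": rest[1], "components": rest[2:]})
    return entries

def security_coverage(text, release_names):
    """Map each release name to True if an active 'deb' security line covers main."""
    covered = {name: False for name in release_names}
    for e in parse_sources(text):
        if e["type"] != "deb" or "main" not in e["components"]:
            continue  # deb-src alone does not deliver fixed binary packages
        if urlparse(e["uri"]).hostname != SECURITY_HOST:
            continue
        for name in release_names:
            if e["suite"].rstrip("/") == f"{name}/updates":
                covered[name] = True
    return covered

# Constructed sample: the testing line is commented out, squeeze has deb and deb-src.
SAMPLE = """\
# constructed sample sources.list
deb http://ftp.debian.org/debian testing main
#deb http://security.debian.org testing/updates main
deb-src http://security.debian.org squeeze/updates main contrib non-free
deb [arch=amd64] http://security.debian.org/ squeeze/updates main contrib non-free
"""

if __name__ == "__main__":
    for name, ok in security_coverage(SAMPLE, ["testing", "squeeze"]).items():
        print(f"{name}: {'security line present' if ok else 'NO active security line'}")
```

A line that is present but commented out, or present only as deb-src, is reported as missing, which is the case most easily overlooked when reading the file by eye.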