On Thu, Apr 08, 2021 at 01:47:22PM -0600, Charles Curley wrote: > On Thu, 8 Apr 2021 10:46:06 -0500 > Matt Zagrabelny <mzagr...@d.umn.edu> wrote: > > > If I wait for a few months to perform an "apt upgrade", many packages > > get upgraded. > > ... > > > Is there something more elegant? > > As Dan Ritter <d...@randomstring.org> already mentioned, you can > configure a failover DHCP server, usually a good idea anyway. > > Why are you using Sid for production software? I know it's in > pre-release freeze. The general advice is to use only current released > stable for production. > Being picky: Sid is NEVER in a state of freeze - it's permanently unstable. A package change tomorrow could delete 9/10 of your system or you could be waiting months and years for a major change to percolate through. There are really _NO_ guarantees with Sid: if you can't deal with your system executing a Halt and Catch Fire instruction once in a while, you shouldn't go anywhere near it. Sid _may_ have bugs that nothing else has: it doesn't have any security guarantee.
> And why are you waiting months to do an upgrade? That has security > implications you don't want. I upgrade all machines daily, even on > stable. > if you worry about upgrades - install minimal amounts of software. For a router - don't install a desktop environment. You might get one upgrade a week on stable of a couple of packages. [The machine I have next door runs a Debian mirror - it has one job, essentially] Update REGULARLY - use unattended upgrades package. Once a week or so, take five minutes to run an update/upgrade cycle yourself and watch it go through. Install a firewall - lock down the things you want to lock down. > If you don't want to do it yourself, install unattended-upgrades. That > runs daily some time before 06:00, so even if it reboots, it shouldn't > affect most users. > Maybe also take a little time to read up something like the Debian handbook - debian-handbook package / web site to fill in info on other things that might be interesting. Folk here can be very helpful. All the best, Andy C > -- > Does anybody read signatures any more? > > https://charlescurley.com > https://charlescurley.com/blog/ >
