Getting Debian Security Updates
Posted by Steve on Tue 13 Sep 2005 at 17:41
If you're new to Debian you might be confused about how to get access to the Debian security updates. This short introduction tells you all you need to know.
To start with it helps if you are familiar with the way that Debian is released. Currently there are three flavours, or "branches" of Debian available:
- Stable - Sarge (Debian 3.1)
- This is the current stable release.
- Unstable - Sid
- This is the staging area in Debian where new work is conducted.
- After packages have been contained in "Unstable" for a short while they are moved into the the "Testing" release. Testing will ultimately be released as the next stable Debian, Etch.
As you can see there are three major flavours here. The simplest way to follow these names is to understand how they are used. The "order" of the releases is something like this:
Packages are uploaded to the unstable distribution, sid, and anybody running that distribution can get them almost immediately afterwards.
After a short wait if all the package dependencies are available, then the package is moved into testing. This can take 3, 5, or 10 days. But it is worth noting that this migration only occurs if all the dependencies of the relevant package are also available for testing.
At some point in the future the entire state of the Testing distribution will be frozen - and that will be released as the next Stable release. We don't know what the version number will be, but the next Stable release will be called "Etch".
Now that we've briefly explained the different distributions of Debian we can look at the security support.
If you're running Unstable there are no security updates available. Hopefully problems will be resolved by new uploads as soon as they are available - however even this is not gaurenteed.
The other two distributions, Stable and Testing, both have security support in place.
To gain access to the security updates you can use the standard Debian tools, apt-get, aptitude, or synaptic. To do this you just need to make sure your apt setup is correct.
apt will download and read from a list of "sources" to see which packages are available, and see their version numbers (which it must do to see if there are newer packages available than those present upon your current system).
The sources are configured by the file /etc/apt/sources.list, once configured correctly you can update your system by running:
apt-get update apt-get upgrade
(You can also use "aptitude update; aptitude upgrade" instead if you prefer - or synaptic.)Stable Security Sources
Testing Security Sources
If you are running the Debian Stable release, codenamed Sarge, then you should have the following listed in your sources.list file:# # Debian Security Updates # deb http://security.debian.org/ sarge/updates main contrib non-free deb-src http://security.debian.org/ sarge/updates main contrib non-free
For more details on Debian Stable's security handling please see the following URL:
If you wish to keep advised of security updates as they are released you can subscribe to the debian-security-announce mailing list - this receives a single message for each released advisory.
If you are running the Debian Testing release, which will eventually be released as the next stable release, Etch, then you should have the following listed in your sources.list file:deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free
The security support for Testing is relatively new, and was announced on the 9th of September 2005.
For more details on the testing security support please see the following URL: