bancfc at openmailbox.org:
> On 2016-05-13 22:41, Patrick Schleizer wrote:
>>>> I don't think this is possible with the resources we have.
>> The lack of maintenance power is decisive but let's look away from it for
> a minute to continue the thought exercise.
Ok.
>>>> We cannot manage /etc/apt/sources.list.d/debian.list through a Debian
>> package / apt-get.
>>>> Let's say we had a snapshot.debian.org in
>> /etc/apt/sources.list.d/debian.list as anon-apt-sources-list.
>>>> At first run of apt-get would install a newer package of
>> anon-apt-sources-list would ship a newer
>> /etc/apt/sources.list.d/debian.list with a fresher snapshot and new
>> Whonix debian packages. Only then, on next run of apt-get update and
>> apt-get dist-upgrade, newer Debian packages would be installed. So the
>> Whonix packages would have to be tested and compatible with the older
>> and newer Debian packages.
>> Couldn't apt-during-apt help with this?
Not that I know.
apt-during-apt is a hack. Does not have a great way to install packages
that it just downloaded besides doing that at next boot. It can have one
package postinst have install another one or two packages or so. Such as
an ip2box package could download the i2p key and router packages. Not
suited for something as big as a suite upgrade or so.
> Postpone any new Whonix package
> install until next time when anon-apt-sources package and the new
> snapshot packages have had a chance to upgrade?
Somehow the Debian repository could be disabled using apt-pinning
mechanism. But then users could also not install any new packages on
their own. Unless there are more hacks around apt-get.
>>>> Or use some other mechanism to guide upgrades, something outside of
>> apt-get which is not great, reinventing such a system.
>>>> What would work in theory would be not using the official Debian
>> repository, but a mirror of all Debian packages under Whonix control. So
>> packages are only made available to everyone once they have been tested
>> for Whonix compatibility. Ubuntu does something similar. They freeze
>> Debian testing, stabilize and support.
>>>> I don't think we have enough reliable working hours per week or even per
>> month to get this done. And I can't do it alone, because then this would
>> be kinda my only task.
>> From what I understand Debian snapshots include packages in the whole
> archive - it's essentially a wayback machine for the official repos.
Somewhat like that. A snapshot of the state of the repository at that
date/time, which will never change. No upgrades ever. Unless upgrading
to a newer snapshot.
> Every two years you usually have to go thru the dependency testing
> process with every major stable upgrade.
Yes.
> With snapshots you have more control of when the system packages get to
> transition.
Also at the moment there won't be uncontrolled suite (ex: wheezy -> jessie)
upgrades, because we are using specific codenames (ex: jessie) in apt
sources lists and not generic codenames such as stable. The specific
codenames will on purpose never be automagically upgraded by Debian
maintainers. (Generic ones would, that is what they are for.)
This was done since Whonix 9 and discussed here:
https://forums.whonix.org/t/done-use-wheezy-or-stable-in-etc-apt-sources-list-d-debian-list
> Let's say you update the snapshot every year or even 6 months
> or whenever it suits you. This is still a win from a security point
> because exposure time is less than waiting for a new stable snapshot.
Security fixes are uploaded more often than on a 6 month cycle. There
are so many new security fixes alone in stable, it's impossible to keep
track of them. If I had to test each of them in advance, I don't think
that would work. But on testing it's not just security fixes, these can
be mixed up with package upgrades.
Let's say hypothetically we used
http://snapshot.debian.org/archive/debian/20160101T111320Z/ (2016 01 01
T111320Z). Two months later, there is a remotely exploitable
vulnerability when using ssh as a client. Then users would not get any
upgrades. Unless we transition to a newer snapshot. But this newer
snapshot comes with all the required testing work and dependency stuff.
In the meantime they could have even made changes as big as changing from
sysvinit to systemd. Unless we had someone to keep track of these
security fixes, to backport them to our snapshot and upload that.
> Also if something turns out to be badly broken in the future stable
> release you can wait it out
As explained above, future stable releases that would not work for
Whonix and would require more upgrading work would not be an issue at all.
Debian Testing: is like me "against" the whole crew of Debian
maintainers being super active with new releases.
Debian Stable: No changes besides minor security changes. Can even add
specific codenames and directly use Debian repository without need to
monitor too closely what the bleeding edge in Debian is up to.
> and skip to a newer snapshot where it's
> fixed. Essentially instead of syncing Whonix development around Debian's
> release schedule you instead work around your own - which hopefully
> means more frequent package upgrades. If it's still too much then it's a
> non-starter but at least it's been explored.
>>>>> As a half baked solution there could be a maintainer who provides a
>> Whonix version based on Debian testing who provides patches to make
>> Whonix compatible with both stable and testing.
>>>> Cheers,
>> Patrick
>>
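
The two properties discussed in this thread, specific codenames versus generic suite names and the age of a pinned snapshot, can be checked mechanically. The following is an added example, not code from the thread or from Whonix: the function names and the sample sources list are constructed for illustration, and only the snapshot URL and the 2016-05-13 date are taken from the message above.

```python
import re
from datetime import datetime, timezone

# Generic suite aliases that Debian re-points at each release.
GENERIC_SUITES = {"oldoldstable", "oldstable", "stable", "testing", "unstable"}
SNAPSHOT_RE = re.compile(r"snapshot\.debian\.org/archive/[^/]+/(\d{8}T\d{6}Z)")

def classify_entry(line, now):
    """Classify one one-line-style sources.list entry.

    Returns ("snapshot", age_in_days), ("generic", suite),
    ("codename", suite), or None for comments and non-entries."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3 or fields[0] not in ("deb", "deb-src"):
        return None
    idx = 1
    if fields[idx].startswith("["):          # skip the optional [options] block
        while idx < len(fields) - 1 and not fields[idx].endswith("]"):
            idx += 1
        idx += 1
    if len(fields) < idx + 2:
        return None
    uri, suite = fields[idx], fields[idx + 1]
    match = SNAPSHOT_RE.search(uri)
    if match:
        # A snapshot never changes, so its age is the window without fixes.
        taken = datetime.strptime(match.group(1), "%Y%m%dT%H%M%SZ")
        return ("snapshot", (now - taken.replace(tzinfo=timezone.utc)).days)
    base = suite.split("/")[0].split("-")[0]  # jessie/updates, stable-updates
    return ("generic" if base in GENERIC_SUITES else "codename", suite)

def audit(text, now):
    """Classify every entry in a sources.list body, skipping non-entries."""
    results = (classify_entry(line, now) for line in text.splitlines())
    return [r for r in results if r is not None]

# Constructed sample, not the file Whonix ships.
SAMPLE = """\
# /etc/apt/sources.list.d/debian.list (constructed)
deb http://ftp.us.debian.org/debian jessie main contrib non-free
deb http://security.debian.org jessie/updates main
deb http://ftp.us.debian.org/debian stable main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20160101T111320Z/ jessie main
"""

if __name__ == "__main__":
    today = datetime(2016, 5, 13, tzinfo=timezone.utc)  # date of the message
    for kind, detail in audit(SAMPLE, today):
        print(kind, detail)
```
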
More information about the Whonix-devel
mailing list