Sarge bug hits security updates
I just thought that those who install Debian 3.1 should know this.
A minor bug in the CD and DVD images for the 3.1 release of Debian GNU/Linux means those installing the operating system from these images will not get security updates by default, a senior developer says.
Version 3.1, Sarge, was released yesterday.
Colin Watson said in a post to the debian-devel-announce mailing list that the list of sources in these CDs/DVDs for updating the distribution had the URL for security updates commented out for the testing stream of the distribution.
The list of sources for updating should instead have had an URL for the stable release, he said.
The Debian project has three streams in development at all times - stable, testing and unstable. Only security updates are released for the stable stream.
The testing stream becomes the next stable release. The unstable stream is cutting-edge stuff and only very experienced people use it.
"If you have already installed a system using a 3.1r0 CD/DVD image, you do not need to reinstall," Watson wrote. "Instead, simply edit /etc/apt/sources.list, look for any lines mentioning security.debian.org, change "testing" to "stable", and remove "# " from the start of the line.
"If you installed other than from a CD or DVD (for example, netboot, or booting from floppy and installing the base system from the network), you are not affected by this bug."
A similar incident happened when the project released revision 4 of version 2.2.