
Bug#1024260: apt: An easy way to install only security updates



On Wed, Nov 16, 2022 at 05:01:06PM +0100, Alexey Salmin wrote:
> Package: apt
> Version: 2.0.9
> Severity: wishlist
> 
> Dear Maintainer,
> 
> Please provide an easy one-line way to only install security updates.
> This scenario is essential for the docker images. People need the
> security updates but not the bloated image from other updates.
> 
> There's an interest for this feature in the community [1][2]. Current
> solutions are bulky which makes them less likely to be adopted. Most
> people just stick to outdated base images and install no updates at all.
> This is very unfortunate and not good for the security in general.
> 
> I see two ways this could be done in a general non-hacky way:
> 1) Support "Suite" filter as a command-line option in apt-get.
> 2) Provide a separate sources-security.list into the default install,
> then users can pick it with the '-o Dir::Etc::SourceList' option.
> 
> I'm not sure about the option (1), but option (2) looks very simple and
> nevertheless would greatly improve the availability of security updates.

This is an Ubuntu issue, and not applicable to Debian, as Debian
replaces the base "stable" suite at each point release.

Now for Ubuntu:

Either way, it's there essentially, you can just use

    apt install '?upgradable?archive(-security$)'

to install all security upgrades (if they are all installable and
not broken).

And of course if you only ever want security like in Docker, don't
enable -updates in your sources.list. I don't think that is supported,
however; there are no Ubuntu images without -updates enabled, so you
might end up with uninstallable packages.

Of course this raises the other point: The docker image is not stable,
it is regularly updated with the latest updates, and you install on
top of that, so you really shouldn't (don't need to) run upgrade in the
first place.

That all being said, I want to eventually replace unattended-upgrades
by getting the feature set into apt, so that needs the same knowledge
and you can then use that to some extent.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en
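
An added example, not part of the original message: a shell check that lists which pending upgrades have a candidate from an archive whose name ends in `-security`, by reading `apt-get -s upgrade` simulation output instead of using the apt pattern. The function names and the sample simulation lines (package versions included) are constructed for illustration.

```shell
#!/bin/sh
# Read `apt-get -s upgrade` output on stdin and print the names of packages
# whose candidate version is offered by an archive ending in "-security".
# Real use:  apt-get -s upgrade | security_candidates
security_candidates() {
    awk '
        $1 == "Inst" {
            # Inst lines look like:
            #   Inst pkg [old] (new Origin:Release/archive, ... [arch])
            start = index($0, "(")
            if (start == 0) next
            src = substr($0, start + 1)
            sub(/\).*$/, "", src)             # drop ")" and anything after it
            sub(/ \[[a-z0-9-]+\]$/, "", src)  # drop the trailing [arch]
            n = split(src, parts, /, */)
            for (i = 1; i <= n; i++) {
                # same suffix test as the -security$ regex in the apt pattern
                if (parts[i] ~ "/[^/ ]*-security$") { print $2; break }
            }
        }'
}

# Constructed sample of simulation output (not captured from a real system).
sample_simulation() {
    cat <<'EOF'
Inst openssl [3.0.2-0ubuntu1.9] (3.0.2-0ubuntu1.10 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Inst tzdata [2023c-0ubuntu0.22.04.1] (2023c-0ubuntu0.22.04.2 Ubuntu:22.04/jammy-updates [all])
Inst libc6 [2.35-0ubuntu3.1] (2.35-0ubuntu3.4 Ubuntu:22.04/jammy-security [amd64])
Conf openssl (3.0.2-0ubuntu1.10 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
EOF
}

# Show which sample packages would count as security upgrades.
sample_simulation | security_candidates
```

Only `Inst` lines are counted, so the matching `Conf` line for the same package does not produce a duplicate entry.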

