It is perhaps a *little* disappointing that all the links point away from Devuan, but of course this is a tiny team trying to wrangle a monstrous stampede of catsnakes, and this is actually a complicated issue. Perhaps I could ask that if ever an extra mechanism besides aptitude is needed to keep a system up-to-date with security patches, a Devuan-specific advisory is posted in News and Announcements?

Could it happen that an installed kernel, kept up-to-date via my mindless "aptitude update; aptitude full-upgrade", reaches a point where it no longer receives bugfixes & security updates (Is this the EOL concept?) but the distribution is still maintained ?

No.

For example, Devuan beowulf uses the 4.19 LTS branch and that is supported until December 2024[0]; beowulf itself is due to go EOL in June 2024[1].

All the updated Debian packages will be pulled in through the Devuan repos.

Like changing the handle on my grandfather's axe?

Would this be arranged automagically via e.g. the metapackage mechanism, or via an announcement in News and Announcements on dev1galaxy.org?

I am trying to get a handle on the barest minimum I need to do, to return to smirking smugly at people on outdated OSs.

Is my interpretation of your statement correct?

Yes.

Most problems seem to come from some program or other, so upgrading installed programs is mainly what I do - I'm just a 'desktop user''.

P.S. By the way, I use apt-get, always have, but there's no difference.

Of course, sometimes a kernel reaches EOL - how do distros deal with this? It's probably beyond the metapackagers art. Is this, once again, a job for "News and Announcements"?

Ben Hutchins works in close collaboration with the upstream kernel developers and maintains Debian's LTS kernel until that branch goes EOL.

I normally just update/upgrade the system files

Hi Camtaf

I am interpreting your statement here as doing exactly what I have been doing (for years), where I say I

Is my interpretation of your statement correct?

I feel as if the bicycle helmet that I have been using for years for brainial safety has just been revealed to be made of millimetre-thick hand-blown Venetian glass, so I am not sure I am being entirely rational here.

Because of this, I am trying to check my assumptions. (If we are agreeing, we soon find ourselves banned from the Internet for improper use of a forum)

As part of the assumption-checking progress, I need to consider that I was at fault in not becoming aware of this situation you mention here:

Perhaps it was unreasonable of me to expect the distro to phone or knock on my door, or post an alert in large flaming letters on my desktop, just for the few old duffers who don't use their newer (admittedly interesting) homegrown package installer.  I imagine that this is what the News and Announcements section of the forum is for.  I do have the idea that if an update is recommended by the The Team, the words "recommended by The Team" should be included. And perhaps "the update is only available through our homegrown package installer - I hope you're reading this, old duffers who only use aptitude".

It seems the distro has actually acknowledged a problem by moving to 'auto-updating' kernels (in "refreshes" that came after my installs) by what appears to be the mechanism of kernel metapackages like the one fsmithred describes - wasn't this revolutionary technology invented in the noughties?

Of course, sometimes a kernel reaches EOL - how do distros deal with this? It's probably beyond the metapackagers art. Is this, once again, a job for "News and Announcements"?

If you install one of the kernel metapackages, you will always get the latest kernel on upgrade. Those packages are named like linux-image-amd64 or other linux-image-<arch>. Metapackages don't do anything themselves except automatically pull in other packages.

Without the metapackage, you need to manually install newer kernels when they come along. The actual kernel packages have the version in the package name, like linux-image-4.19.0-16-amd64 for instance.

I only rarely bother, as I normally just update/upgrade the system files, but, if a major flaw has been found, then it's time for a newer kernel.

If you really want to be up to date, you will have to compile the software & kernel yourself - otherwise you have to wait for someone else to do it & post it to the repos.

I have the idea that this is why I don't run Slackware? May Saint Patrick live long and prosper, but I am not l33t enough keep on top of security advisories and dependencies.

Your words give me great comfort, and I thank you.  I enquired of another distro why my kernel appeared to have remained unchanged for more than a year, and was told that 'auto-update' kernels were a recent introduction.    Announcements were made, but it seems I missed the bit about apt alone not being enough.

I asked:
"Am I correct in assuming that every ---  user who installed a version before ----, and relied on the apt system to update it, has been left on their original/install kernel, possibly for years?"

And was told:
"Possibly. But we announced the kernel updates prior and provided the methodology in " a separate (very useful) utility

So...it could be argued the fault was in my assumption. And not paying attention? So I asked the question here, and am paying attention to the answer. You could say I am trying to be an apt student.

Can I trust this sources.list from https://www.devuan.org/os/documentation … owulf.html as canon, at least until suitable mirrors are chosen?

/etc/apt/sources.list

deb http://deb.devuan.org/merged beowulf main
deb http://deb.devuan.org/merged beowulf-updates main
deb http://deb.devuan.org/merged beowulf-security main

Thanks again.

I'm pretty sure that works in ubuntu, too. I'm not sure about mint. They break up their releases differently from the others.

Are there Debian-based distributions (with aptitude installed) where one cannot rely on "aptitude update; aptitude full-upgrade" to keep the OS up to date with all security patches ? 

It has been an article of faith to me for at least 10 years, that this is how I keep my system up to date. Perhaps it was all an illusion? Maybe letting go of these fanciful notions is necessary in order to grow up. Is it time to grow up?

Can the OS in a Debian install (assuming appropriate sources and aptitude installed) be kept up to date with all security patches, with regular use of "aptitude update; aptitude full-upgrade"?

*buntu?
Mint?
Devuan?

I am prepared to consider understanding that if 'upstream' stops supporting an app, e.g. Thunderbird 52, it might be difficult to just fling newer versions into position, invisibly, without special arrangements. Also, something esoteric like a "netinstall" might leave things out (as mentioned here https://dev1galaxy.org/viewtopic.php?id=4231) But the kernel?