More than a month ago I have seen a post by Joerg Jaspert on the Debian devel announce list that was announcing the inclusion of the amd64 port in the official Debian mirrors. At that time only the unstable branch was included, and he explained that amd64.debian.net will maintain the testing tree until this will be fully synced with the debian-installer so the Debian Etch system will use only Debian mirrors. If you are using the stable release (sarge) then this would not affect you in any way, as they will continue to keep it updated.

Since I manage several servers with Debian Etch AMD64, I was very happy to see that the amd64 port was finally approved and included in the official mirrors. There was no date when this will actually happen for the testing release, but it happened exactly as described: after a period of no updates, today you will notice 404s from amd64.debian.net, and this means it is finally over… Read the rest of this entry »

One of the first rules in security is to keep your servers always updated to the latest security patches. Debian provides a wonderful and very easy mechanism to do this. There have been many questions if it is best to update automatically or manually.
Here are my 2 cents on this issue:

In case you are using (as me) the testing branch of debian on live servers:

• if you are managing a single server then you are probably best to update automatically. Why? Because even if there is a problem with an update you will not have the chance to see this on another running server and fix this (either ignore the update, or fix the problem it is causing).

• if you are managing more servers (maybe similar ones) than it might be a good idea to do this manually. Why? well because if there is a problem with some update then you can save yourself valuable time to not solve the issue introduced by the update on many servers.

In case you are using the stable branch of debian:

• in this case I am all behind automatic updates. The stable branch is very reliable and you should not see any problems caused by the updates.

Depending on how many systems are under management this might be true or not (if there are hundreds of servers, then maybe my above ideas are no longer true). But for someone managing a few servers (as myself) that should be a good option.

Today I will present you the manual approach and leave the automatic approach for a future article.

All you have to do is:
- sync the lists of new/upgradeable packages

aptitude update

- perform the actual update/s:

aptitude upgrade

You can get the same result using apt-get instead of aptitude. Depends on which tool you prefer (though they are very similar).

This will automatically download any updates available and check the dependencies (if needed suggest to get additional packages, etc). If there are any configuration files changed it will ask for an action if to keep your old modified version or install the package default one (this will be done automatically in case you have not changed the configuration file).

In future articles I will show how to tweak various aspects of this very important task: to keep your systems up-to-date.