Why was security updates disabled

Henrik Christian Grove

Earlier today I installed ubilinux on my new up. I had connected it (by wire) to the net before, and while I don't know if it actually used the net during installation, it meant that I didn't get the warnings in the wiki, installation just progressed nicely, asking for hostname and domain name in the process, and afterwards the (wired, haven't tried wireless yet) network works as it should.

When I looked in /etc/apt/sources.list, I saw

deb http://httpredir.debian.org/debian jessie main contrib non-free

deb http://httpredir.debian.org/debian jessie-updates main contrib non-free

deb http://httpredir.debian.org/debian jessie-backports main contrib non-free

so basically anything that's in Jessie can be installed, and packages that hit jessie-updates, will be upgraded., but the line mentioning security.debian.org was wrong (I didn't copy it, so I can't put it here), commented and prefixed with a line saying:

# Line commented out by installer because it failed to verify:

Fixing the line and uncommenting it, made a lot (sorry I didn't note the number) of updates available It seems like a bad idea to run without security updates, but is there any problems with enabling debian's? Would it help if I set up pinning so packages from ubilinux.org are not replaced?

Javier Arteaga

Hi grove,

The fact that the RC3 installer isn't always enabling Debian security updates is a known regression, and will be fixed for the upcoming final release. None of our features depend on disabling security updates (if so, we would consider that a bug). APT pinning would indeed help if you find Debian updates override ubilinux packages (this is a possibility at the moment), but we intend to pre-pin them on the final version.

Many thanks for your report!