when i update software. i never notice anything changing in a good way. ever! like i've never seen software update and been like "thanks, that's a great new feature!" with the exception of maybe twice, this has never happened? i don't think i've even noticed a bug fix either. i only ever see bad new updates to everything. annoying things they (re)moved. breaking changes. stuff no longer works. customizations i spent ages on no longer have any effect. settings get ignored. stuff breaks. updates are bad
i think i only want my package manager to update things when there's a CVE. is there a way to make this happen. there's like 146 package updates every week. they can't all be critical security fixes can they? do i have to hire an intern to go through them
@jk I think this is called "using an LTS distro"

@jk I don't think there's a way to make that happen. Debian stable promises this, but that won't catch even every security update:

https://mjg59.dreamwidth.org/41085.html

@jk yum claims you can search packages by CVE (and bugzilla ID), IIRC. I remember discovering this because the number of human hours you’d need to throw into making that work made it seem very improbable that it does
@yomimono @jk I would have mentioned this feature were it not for the fact that, the couple times I have attempted to use it on both Fedora and Rocky Linux, it indeed does not seem to work

@jk My guess is It Depends®, mostly on your package manager. unattended-upgrades has a security tag. Or you could go full nerd and use a scraper on mitre, bounce it off your installed packages and install that way.

Eventually, you'll end up stuck on the most secure LTS from 8 years ago with a bunch of manually compiled libs etc and at that point you should probably have just installed BSD and been done with it. Ask me how I know...

@adelie this is where my server is right now, so i guess i should have gone with BSD after all…

@jk if you're using Ubuntu you can disable the “updates” repository and leave the “security” repository enabled². That's a supported configuration and will get you what you want¹.

Pick an LTS base and you'll only need to upgrade every 5 or so years.

¹: mostly. There are some things, like web browsers, that we can't reasonably backport only security fixes to.
²: I'm pretty sure you can do this from the “software sources” GUI, but I generally poke the configuration files myself.
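
Added example, not part of the post above and not Ubuntu's own tooling: a sketch that reads `apt list --upgradable` output and separates upgrades offered by a `-security` suite from everything else, which is the split the security-only configuration relies on. The sample lines, versions and function names are constructed for illustration.

```python
import re

# Constructed sample of `apt list --upgradable` output; package versions are
# illustrative and not taken from a real host.
SAMPLE = """\
Listing... Done
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.10 amd64 [upgradable from: 3.0.2-0ubuntu1.9]
vim/jammy-updates 2:8.2.3995-1ubuntu2.9 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.8]
libc6/jammy-security 2.35-0ubuntu3.4 amd64 [upgradable from: 2.35-0ubuntu3.1]
"""

# name/suite[,suite...] new-version arch [upgradable from: old-version]
LINE = re.compile(
    r"^(?P<name>[^/\s]+)/(?P<suites>\S+)\s+(?P<new>\S+)\s+\S+\s+"
    r"\[upgradable from: (?P<old>[^\]]+)\]$"
)


def split_upgrades(text):
    """Return (security, other) lists of (name, old, new) tuples."""
    security, other = [], []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m is None:  # skips "Listing..." and any warning lines
            continue
        suites = m["suites"].split(",")
        from_security = any(s.endswith("-security") for s in suites)
        (security if from_security else other).append(
            (m["name"], m["old"], m["new"])
        )
    return security, other


def security_only_command(text):
    """Build an apt-get argv that upgrades only the security-pocket packages."""
    security, _ = split_upgrades(text)
    names = sorted(name for name, _, _ in security)
    return ["apt-get", "install", "--only-upgrade", *names] if names else []


if __name__ == "__main__":
    sec, rest = split_upgrades(SAMPLE)
    print("security:", sec)
    print("held back:", rest)
    print(" ".join(security_only_command(SAMPLE)))
```

`apt list --upgradable` shows only the candidate version, so a package whose newest candidate sits solely in `-updates` can mask an older pending `-security` version; `apt-cache policy <package>` lists every available version and its suite.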

i think many of us crave the order, the determinism, the object permanence that a computer can offer. all your files are exactly where you left them. the state is preserved. the machine operates in a predictable rhythm. decades of engineering to construct a complex but logical system upon a chaotic, messy physical substrate. but slowly, and surely, this predictability is being eroded from above. things will no longer stay put, or obey. eventually, on the computer, sense will no longer be made
@jk we'll invent the mentat, not because computers got too smart and uppity, but because they got stupid and unable to perform any meaningful task
@jk for my software projects, all my library dependencies are revision-locked. they always check out the same git/hg revision, regardless of how updated the library considers itself now. it's wonderful. i only deal with the mess once i really need a feature or a bugfix.
@jk I feel the same way most of the time. Would be great if we could just grow our own computers out back in the yard instead. Write software for them by taking naps. No need to update anything ever, just remember to water it every now and then. Leave the damp computer sludge out on the windowsill to dry in the afternoon sun. Take a walk and maybe contemplate the vastness of forests while you're waiting. That's also computation. Even that rock is computing its weight and position in the universe.
@t36s I like to think (and
the sooner the better!)
of a cybernetic meadow
where mammals and computers
live together in mutually
programming harmony
like pure water
touching clear sky
@jk This made me smile. Thank you. Just lovely that was.
@t36s (brautigan, 1967 btw!)
@jk Extraordinary. I was not aware of Brautigan. Thank you.