In the middle of reading a heated argument with the GrapheneOS fediverse account and he brought up one interesting point: after digging around I’m not seeing a policy for what, exactly, goes into byzantium-update vs byzantium-security releases anywhere on here. I get that the answer is going to be roughly ‘what debian does (ie this workflow http://salsa.debian.org/debian/package-cycle/raw/master/package-cycle.svg ) ’ but I’m not seeing where in the pureos documentation this is laid out.
ie they are claiming that ‘only CVE security problems get addressed, the rest get ignored’ – debian doesn’t behave this way, and if pureos pulls debian updates (even if laggardly) that would not be true, but again – it would be nice to see this process documented somewhere.
…automatically. The only exception are packages that got forked in PureOS - these need to be updated manually by PureOS maintainers. The tooling notifies about those as they are updated in Debian.
(there’s an additional delay buffer in *-updates as the packages go through the migration path from *-updates-proposed to allow for a testing period; there’s no such thing in *-security though)
I go to purism documation read as much and found a way to update all pureOS 10.3 to all updates and security updates through the terminal I just find the sudo apt update then there is more to type on the same text then hit enter after I make sure everything is typed correctly then asked for my passcode hit enter the terminal shows all the files as it upgrades all files to current date. Documation Right from purism, then my machine: Librem mini v2: look up software read it find how to upgrade all files. It does it all for me right from inside Purism. No worry about hostile programs. Including security, PureOS . Give me a great felling getting it right from Purism.
