DebConf24 - Leveraging Deterministic Updates to Improve the Customer Experience on Debian
Speakers: Maulik Shah & Noah Meyerhans & Koshy John
Track: Security
Type: Long talk (45 minutes)
Room: Bada
Time: Jul 29 (Mon): 14:30
Duration: 0:45
Every change to a production system carries risk, and this risk is magnified when applications are distributed across hundreds or thousands of hosts. Security updates to Debian are published on an as-needed basis with no ability to predict in advance what package will change at any given moment, which means that an update from the repositories is nondeterministic over time. The apt update/apt upgrade operation performed today may behave differently from the one performed yesterday.
In this talk we present a deterministic update strategy based on snapshot support introduced with apt 2.7.0. Using apt snapshots, administrators can lock their systems to a specific point-in-time view of the Debian package repositories backed by snapshot.debian.org. This approach provides repeatable and deterministic update behavior with a number of safety benefits that the administrator can incorporate into their infrastructure testing and deployment strategy in a variety of ways:
Pre-production testing that reflects what’s subsequently going to be deployed to production
The ability to execute phased updates following a ring-based deployment pattern
Building on this foundation, Microsoft has added support for Debian within Microsoft Azure Guest Patching Service. We describe this service and how it can be used to safely and reliably manage fleets of any size within the Microsoft Azure cloud computing environment; while providing the capabilities listed above.
Azure’s Safe Deployment Principles monitor the rollout of an update on VMs. Azure pauses a rollout and pushes a new update if a regression is detected on a VM. The same safety mechanism will be in place with Debian Snapshots.
By pinning an update for a customer’s fleet across regions, Azure is simplifying the way customers keep their assets secure through Debian Snapshots.
etherpad
https://pad.dc24.debconf.org/p/131-leveraging-deterministic-updates-to-improve-t
-
2:02:50
The Culture War with Tim Pool
3 hours agoThe FALL of Candace Owens | The Culture War with Tim Pool
201K245 -
LIVE
Sean Unpaved
1 hour agoThe College Football Playoff Begins Today With Alabama vs. Oklahoma | UNPAVED
111 watching -
1:36:33
Misfits Mania
2 days ago $12.38 earnedMISFITS MANIA: Weigh-In & Award Ceremony
39.6K6 -
LIVE
Dr Disrespect
3 hours ago🔴LIVE - DR DISRESPECT - ARC RAIDERS - THE FINISH LINE
1,120 watching -
47:31
Watchmen Action: Ezekiel 33:6 - Equip The Church To Engage The Culture
4 hours ago $0.76 earnedThe Watchmen Brief LIVE From AmFest2025!
12.4K1 -
1:00:45
Graham Allen
3 hours agoLive From AMFEST 2025: Day 2
34.5K36 -
LIVE
LFA TV
10 hours agoLIVE & BREAKING NEWS! | FRIDAY 12/19/25
2,178 watching -
1:50:19
The Mel K Show
2 hours agoMORNINGS WITH MEL K-The Lawfare Squad Takes a Victory Lap-Indefensible Idiocy is to Blame! 12-19-25
15.5K6 -
LIVE
The Shannon Joy Show
3 hours ago🔥SJ LIVE Dec 19 - Friday Midday Matinee W/Shannon Joy! Featuring "American Experience: Jonestown"🔥
28 watching -
1:02:48
Trumpet Daily
2 hours ago $2.28 earnedTrumpet Daily LIVE | Dec. 19, 2025
9.52K4