The When installing Debian from live media using the Calamares installer (Section 2.2.13, “News from Debian Live team”) and selecting the full disk encryption feature, the disk's unlock key is stored in the initramfs which is world readable.
This allows users with local filesystem access to read the private key and gain access to the filesystem again in the future. This will recreate the initramfs without world-readable permissions.
It’s WSL’s job to write/update Linux file metadata for all the files under your Linux filesystem root (i.e.
/), storing the Linux metadata in each file’s NTFS extended attributes.
In most cases, packages should upgrade smoothly between stretch and buster.
There are a small number of cases where some intervention may be required, either before or during the upgrade; these are detailed below on a per-package basis. If this fails, it will abort the package installation, which will leave the upgrade unfinished.
If you read this after upgrading a remote system to buster, ping the system on the network continuously as this adds entropy to the randomness pool and the system will eventually be reachable by ssh again.
See the wiki and DLange's overview of the issue for other options. To avoid the danger of your machine losing networking after the upgrade to buster, it is recommended that you migrate in advance to the new naming scheme (usually meaning names like kernel commandline option might also work for systems with only one network interface (of a given type).Users will need to migrate to other alternatives to prevent trouble when updating to Debian 11.This includes the following features: Debian 10 includes several browser engines which are affected by a steady stream of security vulnerabilities.The high rate of vulnerabilities and partial lack of upstream support in the form of long term branches make it very difficult to support these browsers and engines with backported security fixes.Additionally, library interdependencies make it extremely difficult to update to newer upstream releases. the webkit and khtml engines source package is covered by security support.Sometimes, changes introduced in a new release have side-effects we cannot reasonably avoid, or they expose bugs somewhere else. Please also read the errata, the relevant packages' documentation, bug reports, and other information mentioned in Section 6.1, “Further reading”. These now specify signature algorithms that are accepted for their respective authentication mechanism, where previously they specified accepted key types.