Page MenuHomeVyOS Platform

Remove /etc/debian_version from the image
Closed, ResolvedPublic


The /etc/debian_version file contains the Debian release version number. Since VyOS uses image-based upgrade, that file serves no useful purpose for us.

However, security scanners love to jump to conclusions and declare an "old Debian version" vulnerable without checking if there may not be any packages from that version at all. Removing that file is an easy way to get fewer false positives.


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Internal change (not visible to end users)

Event Timeline

Please revert that commit (remove that hook) and use the excludes-file instead.

For example by adding the following to the bottom of the above file:

# T5624: Remove the Debian version file to avoid false positives from security scanners.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer added a project: Restricted Project.
syncer edited projects, added VyOS 1.4 Sagitta; removed Restricted Project.