On Sam, 2003-01-25 at 13:25, Thomas Hood wrote: > On Fri, Jan 24, 2003 at 02:59:17PM +0100, Adrian Bunk wrote: > > From a security point of view woody + libc6 from unstable is worse than > > any other possibility. Consider there's another security bug in libc6. > > The fixed version for stable has a lower version number than the version > > on your system and you won't get the update. > apt will upgrade most packages from stable but will > upgrade foo from unstable, or from testing if version vvv > has made it into testing; and likewise libc6. That's exactly the problem Adrian points out: libc6 from unstable might not contain the fix yet, and libc6 from testing will very probably not contain the fix. libc6 from woody would, but you'll not get this upgrade. And downgrading libc6 is a bit risky, and you'll be forced to uninstall all unstable/testing software if you install the libc6 from woody-security. But, as I argued in my previous mail, if you are aware of these consequences and are prepared to deal with it, then apt pinning is something really good. (oh, and: you probably should use dist-upgrade normally. Just use upgrade. dist-upgrade should only be used if you really do a dist upgrade, potato->woody or so). cheers -- vbi -- featured link: http://fortytwo.ch/smtp
Attachment:
signature.asc
Description: This is a digitally signed message part