
Re: Some myths regarding apt pinning



On Sat, 2003-01-25 at 18:11, Adrian 'Dagurashibanipal' von Bidder wrote:
> That's exactly the problem Adrian points out

I guess there is some misunderstanding here.  What I called
A.B.'s "worst case scenario" is the scenario in which libc6
gets upgraded once from unstable ... to a buggy version ...
and is subsequently not upgraded from there again even when
a security fix is released.  As he pointed out, security
fixes usually appear in unstable at the same time they
appear in stable, so the worst-case scenario is avoided if
pinning is set up such that the "unstable" packages continue
to be upgraded from unstable.

I should add that just avoiding A.B.'s worst case does not
guarantee that one's system is secure.

On Sat, 2003-01-25 at 18:11, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Sam, 2003-01-25 at 13:25, Thomas Hood wrote:
> > On Fri, Jan 24, 2003 at 02:59:17PM +0100, Adrian Bunk wrote:
> > > From a security point of view woody + libc6 from unstable is worse than 
> > > any other possibility. Consider there's another security bug in libc6. 
> > > The fixed version for stable has a lower version number than the version 
> > > on your system and you won't get the update.
> 
> > apt will upgrade most packages from stable but will 
> > upgrade foo from unstable, or from testing if version vvv
> > has made it into testing; and likewise libc6.
> 
> That's exactly the problem Adrian points out: libc6 from unstable might
> not contain the fix yet, and libc6 from testing will very probably not
> contain the fix. libc6 from woody would, but you'll not get this
> upgrade. And downgrading libc6 is a bit risky, and you'll be forced to
> uninstall all unstable/testing software if you install the libc6 from
> woody-security.

-- 
Thomas Hood <jdthood0@yahoo.co.uk>
