Re: security in testing
On Wed, May 14, 2003 at 11:31:53AM -0400, Matt Zimmerman wrote:
> On Wed, May 14, 2003 at 06:35:46PM +0200, Sven Luther wrote:
> > Yes, but this is not something that is clearly said. Many people run
> > testing without even being aware that there may be security issues, or
> > more precisely, that the security issues are orders of magnitude worse
> > than even what is in sid.
> This is documented prominently on the website. If people do not look before
> they leap, there is little we can do.
Well, the documentation says that there is no security for testing, but
it does not say that the security of unstable is higher than the one of
testing. Last time i checked at least, and i may be wrong. Anyway,
intuitively testing is supposed to be more stable/secure/better/whatever
than unstable, and that is what the people expect. This is based of an
observation of many people who were taken aback when they were told that
testing was abysall security wise or something such. I personnally, as a
developer, will not recomend people to run testing, and would either
recomend them to use woody + backports or unstable. I suppose you would
do the same.