Re: Debian security being trashed in Linux Today comments
Adam Warner wrote:
On Tue, 2002-01-15 at 01:05, Tim Haynes wrote:
Some of us wouldn't dare say such things without at least reviewing the
given distro's security policy, FAQ and history.
But I was really impressed that updates for unstable/testing were
released at the same time. For those of us that use/test the bleeding
edge on our systems it's a great reassurance to see the security team
giving consideration to the security of testing/unstable.
Well, maybe you should follow Tim's advice and go check the security team's FAQ :
Q: How is security handled for testing and unstable?
A: The short answer is: it's not. Testing and unstable are rapidly moving
targets and the security team does not have the resources needed to
properly support those. If you want to have a secure (and stable)
server you are strongly encouraged to stay with stable.
Of course, if you're using unstable, fixes tend to appear quickly, but :
- "tend to" is not acceptable when security is concerned
- it may take a lot more time depending on your local mirror
--
Daniel
Reply to: