Re: Debian security being trashed in Linux Today comments

[Daniel Polombo <polombo@cartel-info.fr>]

Adam Warner wrote:

> On Tue, 2002-01-15 at 01:05, Tim Haynes wrote:

> > Some of us wouldn't dare say such things without at least reviewing the
> > given distro's security policy, FAQ and history.

> But I was really impressed that updates for unstable/testing were
> released at the same time. For those of us that use/test the bleeding
> edge on our systems it's a great reassurance to see the security team
> giving consideration to the security of testing/unstable.


Well, maybe you should follow Tim's advice and go check the security team's FAQ :

   Q: How is security handled for testing and unstable?

   A: The short answer is: it's not. Testing and unstable are rapidly moving
      targets and the security team does not have the resources needed to
      properly support those. If you want to have a secure (and stable)
      server you are strongly encouraged to stay with stable.

Of course, if you're using unstable, fixes tend to appear quickly, but :

- "tend to" is not acceptable when security is concerned
- it may take a lot more time depending on your local mirror

--
Daniel