
Re: Security concerns on stable/unstable



On Sat, Jan 11, 2003 at 07:37:55PM -0500, Bruno Diniz de Paula wrote:
> So what you mean is that if someone finds a security flaw on any
> package, the security team of Debian is informed and consequently the
> maintainer of that package is informed. Then the maintainer updates the
> package at woody/potato, advertises that and, at the same time, updates
> the unstable version. This would mean that, in terms of solved bugs in
> the *software* that could cause a security flaw, both woody and sid are
> exactly equal. Is it that?

well at the same time all kinds of other software updates are happening
in unstable as well.  the security fix might be uploaded, and then 2
hours later a package for the next upstream release might be uploaded as
well (introducing half a dozen new bugs in the process), and it's all
the same to apt-get upgrade.

personally (though this is just imho) i think that if you're really
concerned about security, it'd be better to run a stable release.  if
there are later versions of specific packages that you really want, there
are alternative ways of getting them while still maintaining a mostly
stable system (such as "pinning", or using deb-src lines for testing
and/or unstable and building your own packages with apt-get source -b).
this way you have stable's security update infrastructure working for you.


	sean
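The "mostly stable system" sean describes above, as an added example that is not part of the original thread: a stable-based apt configuration where testing and unstable are visible (for `apt-get -t testing install` and `apt-get source -b`) but never chosen by a plain `apt-get upgrade`. It uses the apt_preferences(5) file format with the `stable`/`testing`/`unstable` archive names; the mirror hostname `MIRROR.example` is a placeholder, the scratch directory is constructed so the script runs without touching a real `/etc/apt`, and the `pin_priority` checker is a hypothetical helper written for this example.

```shell
#!/bin/sh
# Added example (not from the list post): keep stable as the default release,
# keep newer packages reachable only on explicit request.
# Assumptions: apt_preferences(5) format; target directory defaults to a
# scratch dir (constructed) so nothing under /etc/apt is modified.
set -eu

# Write preferences + sources.list into $1 (copy to /etc/apt to use them).
write_apt_pinning() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/preferences" <<'EOF'
Explanation: stable wins by default (900 beats the 500 apt gives unpinned releases)
Package: *
Pin: release a=stable
Pin-Priority: 900

Explanation: below 500, so apt-get upgrade never moves to testing/unstable on
Explanation: its own; "apt-get -t testing install <pkg>" still works
Package: *
Pin: release a=testing
Pin-Priority: 400

Package: *
Pin: release a=unstable
Pin-Priority: 300
EOF
    # Binary packages and security updates from stable only; deb-src lines for
    # testing/unstable so "apt-get source -b <pkg>" can fetch newer sources
    # and build them against the stable system.
    cat > "$dir/sources.list" <<'EOF'
deb http://MIRROR.example/debian stable main
deb http://security.debian.org/ stable/updates main
deb-src http://MIRROR.example/debian testing main
deb-src http://MIRROR.example/debian unstable main
EOF
}

# Hypothetical checker: print the Pin-Priority the preferences file in $1
# assigns to archive $2 (stable/testing/unstable), to review the policy
# before installing it.
pin_priority() {
    awk -v want="a=$2" '
        $1 == "Pin:" && $3 == want { hit = 1; next }
        hit && $1 == "Pin-Priority:" { print $2; exit }
    ' "$1/preferences"
}

# Stand-alone run: write into a scratch directory and show the priorities.
DEMO_DIR="${APT_DEMO_DIR:-/tmp/apt-pinning-demo}"   # constructed location
write_apt_pinning "$DEMO_DIR"
echo "stable priority:   $(pin_priority "$DEMO_DIR" stable)"
echo "testing priority:  $(pin_priority "$DEMO_DIR" testing)"
echo "unstable priority: $(pin_priority "$DEMO_DIR" unstable)"
```

The priorities matter more than the file layout: anything between 500 and 990 is preferred over unpinned releases but not downgraded to, anything below 500 is never installed by an unattended upgrade, so a security fix still arrives through stable's update path while a newer package is pulled in only when someone asks for it by name. `apt-cache policy <pkg>` shows the priority apt actually resolved for a package once the files are in place.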
