testing vs stable (was Re: broadcom drivers debian (was RE: Debian Installer - Problems Partitioning))
> The largest difference between stable and testing is that Debian
> provides security updates for stable, and for testing you're on your
Q: How is security handled for testing and unstable?
A: The short answer is: it's not. Testing and unstable are rapidly moving
targets and the security team does not have the resources needed to
properly support those. If you want to have a secure (and stable) server
you are strongly encouraged to stay with stable. However, the security
secretaries will try to fix problems in testing and unstable after they
are fixed in the stable release.
It is my subjective experience that the security team is actually pretty
good about updating testing. For example the postgresql update applied to
both testing & stable.
Also for major packages (apache, postfix, postgresql), the upstream people
tend to be pretty good about Quality Assurance. Running on a closed (sys
admin shell only) for things like email.
Especially given that Sarge is likely to become stable soon, the new
features (not having to dick around with compiling broadcom drivers
separately) make it worth the "risk".
I have heard people claim that "testing" is as stable as Redhat release...