On Mon, Jun 07, 2004 at 10:57:12PM -0400, Speakman, John H./Epidemiology-Biostatistics wrote: > There you go again (nod to the late Ronnie, not that I would have voted > for him). > As promised, after my success with the DL140, I popped a sarge CD into > my beloved old Alpha 4100s and the previously dormant StorageWorks 800 > array lit up like a Christmas tree for the first time for over a year. > It will be a couple of days before I can spend some more time on it, but > I was jubilant. Until you guys started bickering, hinting that it's > "not secure" or something. You guys need a good PR agent. Just > kidding. Or am I? PR agents usually have legal teams strapped to their backsides. Here in the Free Software community, I'd much rather tell it to you the way it is. The decision of whether to use sarge on your system is yours to make, my only interest is that it be an informed one. (FWIW, I run sarge or sid on all of my personal machines.) Cheers, -- Steve Langasek postmodern programmer > -----Original Message----- > From: Steve Langasek [mailto:firstname.lastname@example.org] > Sent: Monday, June 07, 2004 9:51 PM > To: email@example.com > Subject: Re: testing vs stable (was Re: broadcom drivers debian (was RE: > Debian Installer - Problems Partitioning)) > > On Mon, Jun 07, 2004 at 08:37:46PM -0400, Dan M. MacNeil wrote: > > http://www.nl.debian.org/security/faq#testing > > > Q: How is security handled for testing and unstable? > > > A: The short answer is: it's not. Testing and unstable are rapidly > moving > > targets and the security team does not have the resources needed to > > properly support those. If you want to have a secure (and stable) > server > > you are strongly encouraged to stay with stable. However, the security > > secretaries will try to fix problems in testing and unstable after > they > > are fixed in the stable release. > > > It is my subjective experience that the security team is actually > pretty > > good about updating testing. For example the postgresql update > applied to > > both testing & stable. > > This would be very subjective indeed, because the security team does > nothing to directly address security holes in testing. The most they do > is to document whether the bug affects testing.
Description: Digital signature