[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: default pin

also sprach Thomas Walter <t.walter@nefkom.net> [2006.06.24.0047 +0200]:
> When using Debian and from one stable release to the other then you have
> a "drastic/radical" change in features/functionality.

Yes, at a point in time *I* can define, and I have about a year of

> Due to the fact that there may be several major/minor releases from
> upstream jumped over while the package lives in
> experimental/unstable/testing.

... which is why Debian tries to ensure a migration path not from
one package to the next, but from stable to testing.

> Using backport one can mitigate big steps but profit from
> improvements in existing features/functionality. Maybe,
> new/additional functionality introduces new bugs, but this risk is
> reduced by the strict rules of backports ti use SW from testing
> only.

Right. *maybe* this approach is feasible for a small number of
machines. But when you're in charge of hundreds of Debian machines,
you really want to make all the changes once and in a two or three
week time frame during which you can dedicate your energy.

I use Debian because I do not want to read about a security problem
on Friday morning, upgrade the machines after the mirror pulse,
leave for the weekend at a reasonable hour, and get a pager alert at
home because this "amazing new feature" introduced a bug and crashed
most of the systems. I also don't want to find out that 1.2 dropped
a feature that 1.1 merely deprecated, just because last night,
someone decided s/he wants 1.2 on backports.org now.

> In general upstream goes forward, not backward and does not release bug
> fix versions forever. 

... which is why Debian stable backports them. Now, backports is
a necessity for a lot of reasons, but it's *not* Debian stable. And
since Debian stable is the reason that *I* employ Debian on
critical servers, I sure as hell want to have a say as to what gets
upgraded to a new upstream version, and when.

> In brief, if the customer wants version x, then the admin has to
> provide version x.

Sure. But that does not mean he has to run the slightest chance of
accidentally pulling in version y of a different package, which
might break things.

I am not saying "stop backports.org". I am saying change the policy
to require the admin to explicitly allow packages to be installed or
upgraded, and for me, that's the difference between the -1 and the
200 pin.

> As the name/definition says, "security updates" fix bugs which are
> a security hole, but not bugs in features/functionality.

Dude. backports.org does not have a policy to only allow security
bugs. If, as you say, upstream fixes a security bug in a newer
version, which also introduces this "amazing new feature Y", then
please, ask me whether I want to install it. Or: don't install it
unless I have checked and approved of it.

> Most internal users are no intruders.

Check your facts. The last paper published by CERT in 2004
attributes somewhere close to 70% of *all* attacks to come from the
inside, be they by disgruntled users or trojans.

My point has been made. It won't cause any pain to change the
default pin to those who follow or have followed the directions on
the web. But it will protect those who err, and it will propagate
a more serious and secure default.

'nuff said.

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
spamtraps: madduck.bogus@madduck.net
"this sentence contradicts itself -- no actually it doesn't."
                                                 -- douglas hofstadter

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

Reply to: