Some myths regarding apt pinning
Since some people seem to think apt pinning can solve all problems with
outdated packages in stable I want to explain why this is wrong:
apt pinning is good if you are running testing but need a package (e.g.
a security update) from unstable.
There are people that use apt pinning to install packages from unstable
on a woody system. This is bad because nearly every installation of a
package from unstable pulls a new libc6 and it's also possible that it
pulls a new Perl and Python. Then some _very_ essential components of
your system are upgraded to the potentially more buggy versions in
unstable.
From a security point of view woody + libc6 from unstable is worse than
any other possibility. Consider there's another security bug in libc6.
The fixed version for stable has a lower version number than the version
on your system and you won't get the update. This is worse than the
situation when you are running one of stable/unstable/testing:
stable:
Stable users get security updates from security.debian.org.
unstable:
A fixed package for unstable is usually available about as fast as the
fix for stable.
testing:
Every user of testing knows that he must read debian-security-announce
and if needed install fixes from unstable since it can take an arbitrary
amount of time until security fixes from unstable enter testing (most
likely none of the fixes from the last 70 security advisories is in
testing).
cu
Adrian
BTW: Please Cc me on replies.
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed