Re: can an 'unstable' system be made secure?
On 27 May 2004, James Sinnamon wrote:
> I realise that debian security announcements address 'stable' and
> 'testing' systems.
> Nevertheless, I would like to run a firewalled 'unstable' system.
You will probably find testing much better suited to a firewall system.
If you *really* need a package or two that has not yet made it back into
testing yet, grab the source package and compile it with 'apt-get -bb'.
> So, can I expect to be able to make my 'unstable' system secure
> if I am prepared to be vigilant and put in the extra effort, or is it a
> lost cause?
>From experience (unstable on my laptop), security fixes are *almost*
always as timely on unstable as on stable or testing. I can't recall a
major vulnerability that wasn't fixed in unstable within a day of the
security team releasing their fix.
More minor vulnerabilities, such as local root, tend to hang around a
bit longer but, at the end of the day, the maintainer usually wants to
get it out of their hair pretty quickly. :)
I would still recommend testing for a server, though, and using only
source deb packages from unstable where needed.
It is dangerous to be right when the government is wrong.