[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: can an 'unstable' system be made secure?

On 27 May 2004, James Sinnamon wrote:
> I realise that debian security announcements address 'stable' and 
> 'testing' systems.
> Nevertheless, I would like to run a firewalled 'unstable' system.

You will probably find testing much better suited to a firewall system.
If you *really* need a package or two that has not yet made it back into
testing yet, grab the source package and compile it with 'apt-get -bb'.

> So, can I expect to be able to make my 'unstable' system secure 
> if I am prepared to be vigilant and put in the extra effort, or is it a
> lost cause?

>From experience (unstable on my laptop), security fixes are *almost*
always as timely on unstable as on stable or testing. I can't recall a
major vulnerability that wasn't fixed in unstable within a day of the
security team releasing their fix.

More minor vulnerabilities, such as local root, tend to hang around a
bit longer but, at the end of the day, the maintainer usually wants to
get it out of their hair pretty quickly. :)

I would still recommend testing for a server, though, and using only
source deb packages from unstable where needed.


It is dangerous to be right when the government is wrong.
        -- Voltaire

Reply to: