[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian testing suitable for productive?

On Wed, 13 Mar 2002, Patrick Hsieh wrote:

> Sometimes, you know, there'll be security advisory or update packages
> available, say openssh or libzip, and you need to immediately update
> your production machines to aviod known vulnerability. However, you
> can't just apt-get upgrade if you do not run the stable release.
> What method is recommended to keep the testing or unstable release
> update and free from security vulnerability?

Not sure I really understand your problem here, Patrick.

I do an  apt-get -u dist-upgrade  on my quarantine box every night to
upgrade testing (I actually use a testing-specific sources.list rather
than pinning), but either way will work for you.

If it's an urgent upgrade, do a very quick test on your quarantine box
to ensure that nothing breaks; then an almost immediate upgrade of the
appropriate packages to the production box.

[I also have the following line in my sources.list:
deb http://security.debian.org/ stable/updates main contrib non-free ]

Whether you decide to run dodgy combinations of unstable/testing/stable
packages to get round temporary security fixes is up to you.
(I have done in the past; and got away with it.  But I don't advise it.)

Martin Wheeler <mwheeler@startext.co.uk> gpg:1024D/01269BEB the.earth.li

Reply to: