Re: Debian testing suitable for productive?
On Wed, 13 Mar 2002, Patrick Hsieh wrote:
> Sometimes, you know, there'll be security advisory or update packages
> available, say openssh or libzip, and you need to immediately update
> your production machines to aviod known vulnerability. However, you
> can't just apt-get upgrade if you do not run the stable release.
>
> What method is recommended to keep the testing or unstable release
> update and free from security vulnerability?
Not sure I really understand your problem here, Patrick.
I do an apt-get -u dist-upgrade on my quarantine box every night to
upgrade testing (I actually use a testing-specific sources.list rather
than pinning), but either way will work for you.
If it's an urgent upgrade, do a very quick test on your quarantine box
to ensure that nothing breaks; then an almost immediate upgrade of the
appropriate packages to the production box.
[I also have the following line in my sources.list:
deb http://security.debian.org/ stable/updates main contrib non-free ]
Whether you decide to run dodgy combinations of unstable/testing/stable
packages to get round temporary security fixes is up to you.
(I have done in the past; and got away with it. But I don't advise it.)
HTH
--
Martin Wheeler <mwheeler@startext.co.uk> gpg:1024D/01269BEB the.earth.li
Reply to: