Re: security warnings (on unstable)
On Wed, Oct 01, 2003 at 11:17:40 +0200, Christian Jaeger wrote:
> What's the best way to let machines (running unstable) to warn me about
> pending upgrades marked as security relevant (or just relevance high)?
"Q: How is security handled for testing and unstable?
A: The short answer is: it's not. Testing and unstable are rapidly moving
targets and the security team does not have the resources needed to properly
support those. If you want to have a secure (and stable) server you are
strongly encouraged to stay with stable. However, the security secretaries
will try to fix problems in testing and unstable after they are fixed in the
Thus, if you need to handle security issues for a machine running unstable,
your best bet is to
- Subscribe to debian-security-announce to get the security advisories for
stable, then determine if the issue affects unstable, and, if so, check
unstable and incoming.debian.org for fixed packages or make them yourself.
- Subscribe to debian-devel to follow unstable-specific security issues
That said, IMHO if you think about deploying unstable in an ISP setting you
should step back and take a very, very good look at why you are even
thinking about that. For an ISP, what you want is reliability and stability.
Stable (if necessary augmented with selective backports or additions from
apt-get.org) will give you that, unstable wont.
Outlook Express is free, and also sometimes lets strangers share your hard
disk - is this anarchism?
The Register's Graham Lea commenting on Steve Balmer's comparison of
Linux to communism in http://www.theregister.co.uk/content/1/12266.html