Trusting Backports and unofficial Repositories

Dear All,

We are currently running several machines with, of course, Debian.
As we need stability we are running woody, but we also dislike having
old software on our servers: the stable version of PHP, for example, is
4.1.2 and php.net has version 4.3.8 for download (marked as stable as
well). Due to that gap we are using as many Debian packages as possible,
but compile software like PHP and others from source, to be up to date.
But this procedure is very time consuming.

Looking for a solution I came across apt-get.org and the unofficial
packages and backports they offer. Now here's my question: would you trust
these for your production servers? I don't think about security and
malicious opening backports in the first instance; you always have this
problem more or less, but about updates when a problem is found in a
package. So here's a

1) Are you using unofficial repositories on production servers?
2) Is there a list of trusted unofficial repositories?
3) What about updates if a problem is found in a package? In connection
with question 2): can you recommend repositories which have proved to
respond quickly to problems?
4) What about security.debian.org? If a vuln is found and
security.debian.org gives out a fixed version, and I have both
security.debian.org and the unofficial repository in my sources.list,
what will happen?

I don't think this kind of question has not been discussed before, but I
couldn't find anything related searching the debian-isp archives. Please
point me somewhere if this has been discussed.

Thank you very much,
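A check that bears on question 4, added here as an example and not part of the original post or of any Debian tool: when security.debian.org and an unofficial repository both appear in sources.list and no /etc/apt/preferences exists, every source gets the default priority 500 and apt keeps the highest version number, so an unofficial 4.3.8 package hides any later 4.1.2-based fix published by the security team. The script below reads the output of `apt-cache policy` and lists every package whose installed version is served by no *.debian.org host, i.e. the packages for which you depend on the unofficial maintainer for security fixes. The hostname unofficial.example.org, the sample output and all version strings other than 4.1.2 and 4.3.8 are constructed for this example, and the `Version Table:` layout is assumed to be the one printed by apt of that era.

```shell
#!/bin/sh
# Added example (not from the original post, not a Debian tool).
# Reads `apt-cache policy` output on stdin and prints one line per package
# whose INSTALLED version comes only from hosts outside *.debian.org:
#   <package> <installed version> <comma-separated unofficial hosts>
# Hostnames, the sample output and the constructed version strings below
# are made up for this example.

unofficial_installed() {
    awk '
    # Print the package just finished if its installed version was offered
    # by no *.debian.org source.
    function report() {
        if (pkg != "" && seen && !official) print pkg " " ver " " hosts
    }
    # "php4:" (no leading space) starts a new package block.
    /^[^ ]/ { report(); pkg = $1; sub(/:$/, "", pkg)
              seen = 0; official = 0; inblk = 0; hosts = ""; ver = ""; next }
    # " *** 4.3.8-1 0" marks the installed version; its source lines follow.
    /^ \*\*\* /  { inblk = 1; seen = 1; ver = $2; next }
    # "     4.1.2-6woody1 0" (five spaces, then a version) is another
    # version, so we leave the installed block.
    /^     [^ ]/ { inblk = 0; next }
    # "        500 http://host/... woody/main Packages": a source of the
    # installed version; /var/lib/dpkg/status lines do not match.
    inblk && $2 ~ /^(http|ftp):\/\// {
        split($2, u, "/"); host = u[3]
        if (host ~ /\.debian\.org$/) official = 1
        else hosts = hosts (hosts == "" ? "" : ",") host
        next
    }
    END { report() }'
}

# Constructed sample: php4 installed from the unofficial repository (its
# 4.3.8-1 outranks the 4.1.2 build that security.debian.org can fix), and a
# second package whose installed version does come from security.debian.org.
SAMPLE='php4:
  Installed: 4.3.8-1
  Candidate: 4.3.8-1
  Version Table:
 *** 4.3.8-1 0
        500 http://unofficial.example.org woody/main Packages
        100 /var/lib/dpkg/status
     4.1.2-6woody1 0
        500 http://security.debian.org woody/updates/main Packages
        500 http://ftp.debian.org woody/main Packages
examplepkg:
  Installed: 1.0-1woody2
  Candidate: 1.0-1woody2
  Version Table:
 *** 1.0-1woody2 0
        500 http://security.debian.org woody/updates/main Packages
        100 /var/lib/dpkg/status
     1.0-1woody1 0
        500 http://ftp.debian.org woody/main Packages'

# On a real host:  apt-cache policy php4 examplepkg | sh check.sh
# With --demo the constructed sample is used instead of stdin.
if [ "${1-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | unofficial_installed
else
    [ -n "${1-}" ] && unofficial_installed
fi
```

Running the demo reports only php4, because its installed 4.3.8-1 exists solely on the unofficial host while the security archive only carries the 4.1.2 line. Pinning security.debian.org above 1000 in /etc/apt/preferences would make its versions win even when that means a downgrade; whether that is acceptable for a package you deliberately upgraded is the trade-off this report is meant to surface.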

