
Re: Trusting Backports and unofficial Repositories

Dear Philipp,

On Sun, 18 Jul 2004 13:20:50 +0200
"Philipp" <mailinglists@oberberg.net> wrote:
> 1) Are you using unofficial repositories on production servers?
I'm using PHP from dotdeb.org. It provides PHP 4.3.8 and PHP 5.00 for woody.
The guy who does that works for a French ISP, so I think it's "safe".
I haven't had any problems with these packages; I've been using them for a year now.
deb http://packages.dotdeb.org ./

> 4) What about security.debian.org? If a vuln is found and
> security.debian.org gives out a fixed version, and I gave
> security.debian.org and the unofficial repository in my
> sources.list, what will happen?
As the version in the unofficial package will be higher, you will stay with it. You can force this mechanism with apt-pinning, with aptitude, or by holding the package.

Packages in woody and from security.debian.org are always patched for security holes. So I think an old PHP 4.1 from woody is as secure as the latest one from dotdeb.
Using unofficial packages is to get more "new" features.

Hommelix 12 Me 201 aka Jerome Vandenabeele
