Dear All,
we are currently running several machines with, of course, debian.
as we need stability we are running woody, but we also dislike having
old software on our servers: the stable version of php for example is
4.1.2 and php.net has version 4.3.8 for download (marked as stable as
well). due to that gap we are using as many debian packages as possible,
but compile software like php and others from source, to be up-to-date.
but this procedure is very time consuming.
looking for a solution i came across apt-get.org and the unofficial
repositories
and backports they offer. now heres my question: would you trust these
archives
for you production servers ? i dont think about security and malicious
packages
opening backports in the first instance. you always have this problem more
or less,
but about updates when a problem is found in a package. so heres a
catalogue:
1) Are you using unofficial repositories on production servers ?
2) Is there a list of trusted unofficial repositories ?
3) What about updates if a problem is found in a package ? In connection
with
question 2): Can you recommend repositories, which proved quick response
to problems ?
4) What about security.debian.org ? If a vuln is found and
security.debian.org gives
out a fixes version, and i gave security.debian.org and the unofficial
repository in my
sources.list, what will happen ?
I dont think this kind of question has not been discussed before, but i
couldnt find anything
related searching debian-isp archives. plz point me somewhere, if this has
been discussed
allready.
thank you very much,
philipp
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org