Re: Trusting Backports and unofficial Repositories
I'm currently using backports.org and dotdeb.org in production.
s.d.o puts out patches against packages in stable only. since you'll be at
a higher major version apt/dpkg will ignore the ones that 'overlap'.
--On Sunday, July 18, 2004 13:20 +0200 Philipp <firstname.lastname@example.org>
we are currently running several machines with, of course, debian.
as we need stability we are running woody, but we also dislike having
old software on our servers: the stable version of php for example is
4.1.2 and php.net has version 4.3.8 for download (marked as stable as
well). due to that gap we are using as many debian packages as possible,
but compile software like php and others from source, to be up-to-date.
but this procedure is very time consuming.
looking for a solution i came across apt-get.org and the unofficial
and backports they offer. now here's my question: would you trust these
for your production servers ? i don't think about security and malicious
opening backports in the first instance. you always have this problem more
but about updates when a problem is found in a package. so here's a
1) Are you using unofficial repositories on production servers ?
2) Is there a list of trusted unofficial repositories ?
3) What about updates if a problem is found in a package ? In connection
question 2): Can you recommend repositories, which proved quick response
to problems ?
4) What about security.debian.org ? If a vuln is found and
out a fixed version, and i have security.debian.org and the unofficial
repository in my sources.list, what will happen ?
I don't think this kind of question has not been discussed before, but i
couldn't find anything
related searching debian-isp archives. plz point me somewhere, if this has
thank you very much,
Modwest Sr. Systems Administrator
Powerful, Affordable Web Hosting