Re: Trusting Backports and unofficial Repositories

To: debian-isp@lists.debian.org
Subject: Re: Trusting Backports and unofficial Repositories
From: Jerome Vandenabeele <jerome.vandenabeele@gadz.org>
Date: Sun, 18 Jul 2004 13:41:59 +0200
Message-id: <[🔎] 20040718134159.5122c2f8@localhost>
In-reply-to: <[🔎] 02df01c46cb9$48134af0$1502a8c0@PHILIPP>
References: <[🔎] 02df01c46cb9$48134af0$1502a8c0@PHILIPP>

Dear Philipp,

On Sun, 18 Jul 2004 13:20:50 +0200
"Philipp" <mailinglists@oberberg.net> wrote:
> 1) Are you using unofficial repositories on production servers ?
I'm using PHP from dotdeb.org. It provides PHP 4.3.8 and PHP 5.00 for woody.
The guy who do that work for a french isp, so I think it's "safe"
I havn't any problem with these packages, I'm using it for a year now.
-----8<--------
deb http://packages.dotdeb.org ./
-----8<--------

> 4) What about security.debian.org ? If a vuln is found and
> security.debian.org gives
> out a fixes version, and i gave security.debian.org and the unofficial
> repository in my
> sources.list, what will happen ?
As the version in unofficial package will be higher, you will stay with it. You can force this mechanism with apt-pinning, aptitude or with holding package.

Package in woody, and from security.debian.org are always patch for security hole. So I think an old PHP 4.1 from woody is as secure as the last from dotdeb.
Using unofficial is to get more "new" features.

Hommelix
-- 
Hommelix 12 Me 201 aka Jerome Vandenabeele

Reply to:

Follow-Ups:
- Re: Trusting Backports and unofficial Repositories
  - From: Arnt Karlsen <arnt@c2i.net>

References:
- Trusting Backports and unofficial Repositories
  - From: "Philipp" <mailinglists@oberberg.net>

Prev by Date: Re: hardware/optimizations for a download-webserver
Next by Date: Re: hardware/optimizations for a download-webserver
Previous by thread: Trusting Backports and unofficial Repositories
Next by thread: Re: Trusting Backports and unofficial Repositories
Index(es):
- Date
- Thread