* Antoine Le Gonidec: " Re: Debian - Release Cadence Options" (Sat, 18 Oct 2025
14:24:40 +0200):
> Le Sat, Oct 18, 2025 at 04:23:07AM +0200, tomas@tuxteam.de a écrit :
> > (…) Plus,
> > since both don't have a security policy, security issues get (arguably)
> > fixed faster on testing.
>
> Beware, if you’re talking unstable vs. testing here, testing is the one
> with the worst security support (= none at all) of all Debian branches.
>
> Security fixes are provided in unstable as part of packaging new
> upstream releases, and cherry-picked to stable through the dedicated
> security channel. On testing, security fixes do not go through a special
> channel: they trickle down from unstable following the usual rules, so
> with at least a 3 to 5 days delay that can grow to weeks or even months if
> you’re unlucky.
I am using testing with debsecan which for me combines the best of both worlds.
--
Mathias Behrle
PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Attachment:
pgpvM06GZOAWC.pgp
Description: Digitale Signatur von OpenPGP