stable vs unstable | was Re: русский в Debian
>>>>> On Wed, 31 Jul 2002 23:31:38 +0300
>>>>> "Alexander" == Alexander Dudko <octo@tut.by> wrote:
Alexander>
Alexander> :-)
Alexander> Хотя это уже оффтопик....
Alexander>
Alexander> Возьмем, например, squid.
Alexander> Согласно данным www.debian.org:
Alexander> Debian package search results
Alexander> ....
Alexander> stable
Alexander> squid 2.4.6-2 (667.7k)
Alexander> Internet Object Cache (WWW proxy cache)
Alexander>
Alexander> unstable
Alexander> squid 2.4.7-1 (669.3k)
Alexander> Internet Object Cache (WWW proxy cache)
Alexander>
Alexander> Смотрим отличия 2.4.7 от 2.4.7 на www.squid-cache.org:
Alexander> + - Squid now drops any requests using transfer-encoding.
Alexander> + Squid is a HTTP/1.0 proxy and as such do not support
Alexander> + the use of transfer-encoding.
Alexander> + - The MSNT auth helper has been updated to v2.0.3+fixes for
Alexander> + buffer overflow security issues found in this helper.
Alexander> + - A security issue in how Squid forwards proxy authentication
Alexander> + credentials has been fixed
Alexander> + - Minor changes to support Apple MAC OS X and some other
Alexander> platforms
Alexander> + more easily.
Alexander> + - The client -T option has been implemented
Alexander> + - HTCP related bugfixes in "squid -k reconfigure"
Alexander> + - Several bugfixes and cleanup of the Gopher client, both
Alexander> + to correct some security issues and to make Squid properly
Alexander> + render certain Gopher menus.
Alexander> + - FTP data channels are now sanity checked to match the address
Alexander> of
Alexander> + the requested FTP server. This to prevent theft or injection
Alexander> of
Alexander> + data. See the new ftp_sanitycheck directive if this is not
Alexander> desired.
Alexander> + - Security fixes in how Squid parses FTP directory listings into
Alexander> HTML.
Alexander>
Alexander> Вот теперь любители stable, объясните мне, руководствуюсь какими
Alexander> соображениями я должен оставить на машине с реальным ip старую версию
Alexander> squid.
потому что
squid (2.4.6-2) testing-security; urgency=high
* Upload to woody-proposed-updates because of security issues.
* There is a buffer overflow in the ftp and gopher code. Fixed by:
o squid-2.4.STABLE6-ftp_directories.patch
o squid-2.4.STABLE6-gopher.patch
* The squid FTP client wasn't secure wrt control and datachannels.
It now checks that they come from the same address. Fixed by:
o squid-2.4.STABLE6-ftp_sanitycheck.patch
* Sometimes squid forwarded proxy-auth to remote HTTP servers. Fixed by:
o squid-2.4.STABLE6-proxy_auth.patch
* Move examples back to /usr/share/doc/squid/examples (fixes: #151657).
-- Miquel van Smoorenburg <miquels@cistron.nl> Thu, 4 Jul 2002
13:03:55 +0200
Alexander> Я полностью согласен, что на десктоп лучше всего stable. Но на прокси
Тут вот как раз многие не согласятся.
Alexander> корпоративной сети - только unstable. Или компилировать новые пакеты
Как бы это выразиться... более... /странной/... я попросту не
припомню...
Alexander> самому, как я и поступал, до того как поставил Debian. Я не могу ждать
Alexander> пока "Security fixes..." войдет в stable.
Вы смотрели не в ту сторону.
--
Alexander Kotelnikov
Saint-Petersburg, Russia
Reply to: