I agree with Tim Uckden's comments - we don't need bleeding edge, but we also don't need some-obscure-whizzo-package-on-104-obsolete-hardware-architectures.deb holding up basic things like Apache, PHP, Perl, Mod_Perl, MySQL etc. We would be over the moon to have a mini-stable that only contained core packages, and that kept better pace with the real world.
I have given this more thought since I posted my comments and it occurs to me that this is a business opportunity more then anything else. What is needed is a distro based on debian, following the same rules of safety as debian, using the same packages etc. Everything is the same except that apt-sources points to a list which contains a smaller set of platform specific packages. This list get's updated as often is possible while staying with the safety requirements of debian.
As for us we decided to go with freebsd on some systems thinking it might offer security along with more frequently updated ports. So far I am not impressed with it. The ports are not as easy to use as apt, and ports are sometimes just plain old broken. If anybody has an answer I'm all ears as long as the answer does not contain the words microsoft or red or hat.
-- To UNSUBSCRIBE, email to debian-security-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org