
Re: [d-security] Re: ssh vulnerability in the wild





Dossy wrote:

On 2003.09.16, Stephen Frost <sfrost@snowman.net> wrote:

Is 3.6.1p2-3 vulnerable?  For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand?  Or
will this security fix be applied to sarge as well?

There's at least a version on incoming.debian.org which has the version
for unstable.  I don't know what to tell you about testing/sarge.  I'm
sure it will be in before release but beyond that I've no idea when it
will make it into testing.


Eek.  So, if we want to run secure systems, we either have to run
unstable (and all the troubles that come with it) or stable?  I find that
"testing" is a good middle ground for a reasonably stable system but
with reasonably up-to-date packages, so that's why I run it.  Running
"stable" involves hand-managing way too many packages for which I need
more recent versions, and "unstable" involves way too many troubles if I
apt-get update without carefully inspecting what's being updated, which
I don't have the time for.

:-(  poop.

Guess I'll go the deb-src route and hand-patch, I guess.  Not what I
wanted to do today ... ;-)

-- Dossy


Or (to get a reasonably up to date system):

* Set your default release to stable (I actually prefer to use distribution names, so that if I'm asleep at the switch when a new version is released I don't accidentally 'apt-get upgrade' when I should 'apt-get dist-upgrade')

* Include testing and unstable in sources.conf

* Include apt-src for testing and/or unstable.

* Install a stable system, then for special needs, try 'apt-get install foo/testing' (or "foo/unstable"). If you can live with the dependencies, great. If things turn ugly, then apt-get source instead.

This way, you'll have stable (with the corresponding security updates) for just about everything. For the few packages that need to be from unstable or testing, either patch them yourself, or watch incoming, or watch for others to contribute .debs.

Plus, you can apt-get update && upgrade without having your system blow up.

I've found fairly few cases where I actually *need* a more recent version, so this approach works great for me. In most cases, the only perceived need for a more recent version has been for security updates, which, of course, are backported in Debian stable. Of course, YMMV.

--Rich


_________________________________________________________

Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746

tel:   218.262.1130
email: rpuhek@etnsystems.com
_________________________________________________________
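The apt configuration Rich's steps imply, as an added example that is not part of his post: it assumes the September 2003 codenames (stable = woody, testing = sarge, unstable = sid) and a placeholder mirror, and it only stages the files in a scratch directory so they can be reviewed before being copied into /etc/apt.

```shell
#!/bin/sh
# Added example (not from the original post): stage the apt configuration
# behind Rich's procedure. Files go under $STAGE (default: a fresh temp dir),
# never straight into /etc/apt. Assumed codenames: woody/sarge/sid; the
# mirror URL is a placeholder.
set -e
STAGE="${STAGE:-$(mktemp -d)}"
MIRROR="http://ftp.debian.org/debian"   # placeholder: pick a nearby mirror

write_apt_conf() {
    # Pin the default release by codename, as Rich prefers, so that a new
    # stable release can never turn a plain 'apt-get upgrade' into a
    # surprise dist-upgrade.
    cat > "$1" <<EOF
APT::Default-Release "woody";
EOF
}

write_sources_list() {
    # stable plus its security archive first; testing and unstable are
    # present only so 'foo/sarge' or 'foo/sid' can be requested explicitly;
    # deb-src lines make 'apt-get source foo' work when dependencies turn ugly.
    cat > "$1" <<EOF
deb $MIRROR woody main
deb http://security.debian.org/ woody/updates main
deb $MIRROR sarge main
deb $MIRROR sid main
deb-src $MIRROR sarge main
deb-src $MIRROR sid main
EOF
}

default_release() {
    # Read the pinned release back out of a staged apt.conf (sanity check).
    sed -n 's/^APT::Default-Release "\(.*\)";$/\1/p' "$1"
}

write_apt_conf "$STAGE/apt.conf"
write_sources_list "$STAGE/sources.list"
echo "staged under $STAGE; default release: $(default_release "$STAGE/apt.conf")"
# Once copied into /etc/apt:
#   apt-get update
#   apt-cache policy ssh        # confirm the woody candidate wins on priority
#   apt-get install ssh/sarge   # pull one package from testing, on request
#   apt-get source ssh          # fall back to building it yourself
```

Checking `apt-cache policy` after `apt-get update` is the step that proves the default-release pin actually took effect before any upgrade is run.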


