Re: using sarge on production machines

On 18 Feb 2005, kurt kuene wrote:
> * I have to use testing (sarge). *

Have to?

> All of my 3 webservers (apache php mysql java tomcat). On two other
> webservers I run woody with some packages from sarge (apt-pinning) and
> the mail relay servers (spamassassin amavisd postfix clamav).

IIRC, all of those are available from backports.org, which would allow
you to upgrade only those portions, keeping the rest of your system on
the nice, stable basis of the current release.


> so what strategies to use if you are forced to work with a distro
> other than woody?

0)  Use backports.org, or do backports myself.

Really, this is usually a lot less painful than it sounds, especially
with the existing backports people doing most of what I care about for

> 1)
> running unstable.
> the updates are faster. security should be better than in testing.
> but stability is far better in testing.

Is it?  I can't honestly say that I have noticed that, frankly.

> so the question is:
> is it better to have a broken service or an insecure one?

Broken, honestly.  Insecure means that you get to spend your time
picking up the pieces as you restore from backups (4 hours, at least),
rather than fielding a few irate phone calls.

...or you could use a "testbed" machine which you run your system
acceptance tests against before you commit to any upgrades on your
production systems. :)


> the problem I have is that I have very little time and cannot track
> every security issue every time. so I must find some simple resources
> or strategies to keep my systems safe.

Using backports.org is usually sufficient -- they are on top of security
issues very quickly, and you can watch their (low traffic) mailing list
without too much time spent.

Also, I recommend bugtraq as a way of knowing what is coming up; be
brutal about filtering it away and ignoring anything you don't run, and
it works pretty well, I find.


> I am a bit worried and I begin to be nervous because sarge is still
> testing. If you can help me with suggestions about how to deal best
> with the problem of using sarge in productive environments. (without
> changing the distro)

I hope my suggestions help. :)

