
Re: using sarge on production machines

On Fri, Feb 18, 2005 at 02:14:35AM +0100, kurt kuene wrote:
> 1)
> running unstable.
> the updates are faster. security should be better than in testing.
> but stability is far better in testing. 
> so the question is:
> is it better to have a broken service or an insecure one?

It is better to have a broken service. If you know exactly what you're
doing, and take a close look at changelogs, this might be a good
option. Maybe don't track unstable closely, but only update every -
say - two weeks, while keeping a close look at new uploads' changelogs
to spot security issues.

> 2)
> 2a)
> using stable with backports:
> backports may have security problems and stability problems. you have to trust the maintainer of the package.
> and read security news.
> I think this is good if you need only a few packages.

That is IMO the best solution.

> 2b)
> running stable with some sarge packages (apt-pinning)
> the base system is stable and gets the security updates.

Bad idea. One of your first sarge packages will pull in libc6 from
sarge, and already your assumption that the base system is stable is
wrong. Same goes for other libraries that might get pulled in from

> the problem I have is that I have very little time and can not track
> every security issue every time. so I must find some simple resources
> or strategies to keep my systems safe.

Use stable with backports, maybe hire somebody external to look after
your systems.


Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
