
Re: using sarge on production machines



hi
first thanks a lot.
you all helped me very much.

apparently running stable with backports is best.
so I made the wrong decision upgrading my systems to sarge. :(
I did this because I thought it will come out soon and it is safe enough to use it. This was six months ago. If I could turn back time I would use backports.

>Florian Weimer <fw@deneb.enyo.de>
>From time to time, there was quite a lot of significant breakage
>(especially when we weren't as close to the release as we are now),
>but as I didn't have to fulfill any SLAs, it was typically no big deal
>to sort out the issues when they arose.

so you think unstable with an eye on problems is still better than testing? I don't know.

>(especially when we weren't as close to the release as we are now)
close to the release? this was what I thought 6 months ago (changed to testing) and it may take another six months. if only the security team would start working *sigh*.

>From: Harry <postituk@yahoo.com>
> use UML and chroot it and run sarge in it.
UML is no option for me because my users do not need root.
on some machines they have ftp only without shell, on the others they have a shell user account without ftp.

if uml gets hacked I need to use my backup anyway. 
naturally I have a complete backup of the systems. so if something bad happens I can play back everything, plug the hole and go back online.
this would cost me some time, but more nerves. :|

>From: Marc Haber <mh+debian-security@zugschlus.de>
>It is better to have a broken service. If you know exactly what you're
>doing, and take a close look at changelogs, this might be a good
>option. Maybe don't track unstable closely, but only update every -
>say - two weeks, while keeping a close look at new uploads' changelogs
>to spot security issues.

what I do not understand is why this should be more secure than running testing?

so nobody here is using sarge on productive systems??
--
some use stable. this is best.
--
if they need newer packages, using backports is best.
I would do this if I could downgrade from sarge.
but this is a pain in ...
--
others use sid and make updates only every two weeks if no security issues appear.
--
I am always told that sarge comes soon. so why use sid? if sarge is coming soon why worry?

summary:
I would use backport if I could go back.
I would not use sid because of stability. 
apt-pinning gives a false security feeling. so pinning is deceptive.
--

Nobody is using Sarge? Am I the only one running Sarge on Servers?
why? that's what I get to hear...
no one uses sarge for important things?

it is quite stable. but how to make it secure?
at least some people know what I mean:
http://secure-testing.alioth.debian.org/

fact is: I am using Sarge!  :/ 
are there strategies in Securing Sarge that I have missed?
Or would someone suggest that I downgrade, because it is far too dangerous using sarge on servers, or even on machines that are on the net?

again thanks a lot for all the help :)

regards
kuene


