
Re: using sarge on production machines

On Fri, Feb 18, 2005 at 03:28:11PM +0100, kurt kuene wrote:
> so you think unstable with an eye on problems is still better than testing? I don't know. 

Unstable is fine if you know exactly what you're doing and can fix a
broken system yourself. unstable is potentially unstable (surprise),
but more secure since security-related updates go into unstable

> if only the security
> team would start working *sigh*.

afaik, the security team is ready, but the infrastructure is not.

> >From: Marc Haber <mh+debian-security@zugschlus.de>
> >It is better to have a broken service. If you know exactly what you're
> >doing, and take a close look at changelogs, this might be a good
> >option. Maybe don't track unstable closely, but only update every -
> >say - two weeks, while keeping a close look at new uploads' changelogs
> >to spot security issues.
> what I do not understand is why this should be more secure than
> running testing?

You can immediately install a package that received a security update
on an unstable system. If you do the same on testing (installing a
package from unstable on a testing system), you will pull in libraries
from unstable, potentially introducing breakage.

> so nobody here is using sarge on productive systems??

Well, I am not.

> I am always told that sarge comes soon. so why use sid? if sarge is
> coming soon why worry?

Currently, the sarge security infrastructure is missing. Thus, you
will have a mandatory delay to wait for a fixed package to migrate
from unstable to testing.

> apt-pinning gives a false security feeling. so pinning is deceptive.

Well, pinning was never intended to allow mixed-distribution systems.


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
