Re: using sarge on production machines
On Fri, Feb 18, 2005 at 03:28:11PM +0100, kurt kuene wrote:
> so you think unstable with an eye on problems is still better than testing? I don't know.
Unstable is fine if you know exactly what you're doing and can fix a
broken system yourself. unstable is potentiall unstable (surprise),
but more secure since security-related updates go into unstable
immediately.
> if only the security
> team would start working *sigh*.
afaik, the security team is ready, but the infrastructure is not.
> >From: Marc Haber <mh+debian-security@zugschlus.de>
> >It is better to have a broken service. If you know exactly what you're
> >doing, and take a close look at changelogs, this might be a good
> >option. Maybe don't track unstable closely, but only update every -
> >say - two weeks, while keeping a close look at new uploads' changelogs
> >to spot security issues.
>
> what I do no understand is why this should be more secure than
> running testing?
You can immediately install a package that received a security update
on an unstable system. If you do the same on testing (installing a
package from unstable on a testing system), you will pull in libraries
from unstable, potentially introducing breakage.
> so nobody here is using sarge on productive systems??
Well, I am not.
> I am always told that sarge comes soon. so why use sid? if sarge is
> coming soon why worry?
Currently, the sarge security infrastructure is missing. Thus, you
will have a mandatory delay to wait for a fixed package to migrate
from unstable to testing.
> apt-pining gives a false security feeling. so pining is deceptive.
Well, pinning was never intended to allow mixded-distribution systems.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Reply to: