
Re: Security Support by the Security-Team



Hi!

Just a few remarks:

<< Use unstable or testing, and apply security fixes yourself.  Over

In my opinion this is a bad suggestion. Maybe my last mail was a bit
unclear about this. As security is a process rather than a state,
your systems will hardly ever have all the available security-patches.
(Not to mention that it's not possible to keep up with this job
if you are alone with it, which will be the case if you do it by
hand for testing/unstable.)

So the question is how to deal with this. As every distribution has
a security-team these days (or at least should have) it is possible
to get the security-patches in (quite short) time. They established a
process for how these patches get into the distributions and do a lot
of communication with each other so that none is missed.
(And if you ever tried to, you will know that this is quite a complex
job to do if you want to do it well.)

As a result a lot of people rely on the work of these teams.
Especially Debian has a very "open" way to do this. Security
problems are handled publicly if there's no request not to do it
this way.

So if you protect your systems (more than 2) by these updates, you would
be well advised to establish a process yourself for how you get them onto
your system and how - in general - you keep them more or less secure.

And the information whether Debian-Security is
working as expected is very valuable to people who did this.

Hopefully my considerations are clear now. (This mail became much
longer than I wanted.)


Cheers.
Helmut

-- 
My GNUpg fingerprint http://www.gnupg.org
4563 F4FB 0B7E 8698 53CD  00E9 E319 35BD 6A91 1656


