custom sec updates, was Bad press related to (missing) Debian security

Marek Olejniczak wrote:

I must use it. Sarge is working on ISP production servers.

I work for a medium-sized company and moved nearly all our application hosting servers from wind0ze and SuSE to Debian. Debian is our choice for production servers.

I'm working for many ISP providers. And now I have problems with security on these servers. What can I do? I can't patch by hand every bug on many servers!

I suggest you create your own apt server (basically it's just an HTTPD). When you administer a larger number of servers, you often face the problem that you need to deploy customized packages to many machines. So using your own apt source in addition to the stable Debian sources is the way to go IMHO.

Once you have such a thing in place, rolling out your own security patches / customisations on many systems gets much easier. I have my own apache, postgresql, java and jboss packages for example. I also distributed a patched version of sudo this way.

Even if you did not use those techniques (.deb building, running an apt source) up to now, I think it's rewarding for you, especially if you run a larger number of servers. I do not have any links ready to point you to, but I'll check my (unsorted) bookmark file later ;)
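
One way to set up the private apt source described in the message above, as an added example that is not part of the original mail: a flat repository served by any HTTPD, with a signed Release file so that clients only accept packages indexed by your own key. It assumes dpkg-dev, gzip, gpg and an apt that understands `signed-by`; the repository path, key id, host name and keyring path are placeholders.

```shell
#!/bin/bash
# Added example: publish a flat, signed apt repository and check its integrity.
# Assumes dpkg-dev (dpkg-scanpackages), gzip, gpg and sha256sum are installed.
set -eu

# Write Release with the size and SHA256 of each index file in the repo.
write_release() {
    local repo="$1" f
    (
        cd "$repo"
        printf 'Origin: internal\nLabel: internal\nSuite: stable\n'
        printf 'Date: %s\n' "$(LC_ALL=C date -u '+%a, %d %b %Y %H:%M:%S UTC')"
        printf 'SHA256:\n'
        for f in Packages Packages.gz; do
            [ -f "$f" ] || continue
            printf ' %s %s %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" \
                "$(wc -c < "$f" | tr -d ' ')" "$f"
        done
    ) > "$repo/Release.tmp"
    mv "$repo/Release.tmp" "$repo/Release"
}

# Recompute the hashes listed in Release; fails if any index was altered.
verify_release() {
    local repo="$1"
    awk '/^SHA256:/ {s=1; next} s {print $1 "  " $3}' "$repo/Release" |
        (cd "$repo" && sha256sum -c >/dev/null 2>&1)
}

# Index every .deb in the directory, then sign Release with the given key.
publish_repo() {
    local repo="$1" key="$2"
    (cd "$repo" && dpkg-scanpackages --multiversion . > Packages)
    gzip -9 -n -c "$repo/Packages" > "$repo/Packages.gz"
    write_release "$repo"
    gpg --batch --yes --local-user "$key" --armor --detach-sign \
        --output "$repo/Release.gpg" "$repo/Release"
    gpg --batch --yes --local-user "$key" --clearsign \
        --output "$repo/InRelease" "$repo/Release"
}

# sources.list entry for clients; the keyring path pins which key may sign.
client_source_line() {
    printf 'deb [signed-by=%s] %s ./\n' "$2" "$1"
}

# Usage: ./repo.sh publish /srv/apt/debian KEY_ID   (path and key are placeholders)
if [ "${1:-}" = publish ]; then
    publish_repo "$2" "$3"
fi
```

Run `verify_release` on the web root from a cron job or monitoring check to notice an index that changed without being re-signed.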


