custom sec updates, was Bad press related to (missing) Debian security
Marek Olejniczak wrote:
I must use it. Sarge is working on a ISP production servers.
I work for a medium-sized company and moved nearly all our application
hosting server from wind0ze and SuSE to Debian. Debian is our choice for
I'm working for many ISP providers. And now I have problems with
security on this servers. What can I do? I can't patch by hand every bug
on many servers!
I suggest you create your own apt server (basically its just a HTTPD),
when you administer a larger number of servers, you often face the
problem that you need to deploy customized packages to many machines. So
using you own apt source in addition to the stable debian sources is the
way to go IMHO.
Once you have such a thing in place, rolling out your own security
patches / customisations on many systems gets much easier. I have my own
apache, postgresql, java and jboss packages for example. I also
distributed a patched version of sudo this way.
Even if you did not use those techniques (.deb building, running an apt
source) up to now, I think its rewarding for you, especially if you run
a larger number of servers. I do not have any links ready to point you
to, but i'll check my (unsorted) bookmark file later ;)