
Re: What is best practice for managing sources.list for security and stability?



Hi John,

On Monday 25 May 2009, john wrote:
> The recent key-change forced me to use the main stable repos to get
> the new keys (e.g. apt-get install debian-archive-keyring)
> and got me thinking...
>
> Is the approach I outlined the "best" way to maintain the security and
> stability of these boxes or should I really be using the main
> repositories as well?

I understand where you're coming from, but I do recommend to enable the main 
repositories as well. There are several reasons for that.

You may miss essential changes to keep the system running, like the APT 
key rollover you mentioned; you also miss stability improvements, and less 
pressing security bugfixes which are released in stable point updates.
Packages are only let into a stable point update after they get a lot of 
scrutiny. Only packages are accepted that fix really serious bugs, or smaller 
security issues that do not warrant a DSA. The stable release managers review 
each package before it may enter. Packages are only added in a point release 
which is announced on debian-announce, so you can review the changes before 
installing them.


cheers,
Thijs
