Re: Security of Debian Testing
* Anthony Simonelli (asimonelli7@yahoo.com) [050123 10:40]:
> I realize that Debian Testing "Sarge" is not supported by the Security
> Team and that it is the last branch of the Debian to receive updates.
> Though I am tempted to use it as a production server (Squid & Postfix)
> because of its cutting edge of software as compared to Woody, I realize
> that it is not stable and their may be potentially major problems with
> security and compatibility of packages.
>
> As a desktop, I currently run Fedora Core 3 but I was wondering if
> Debian Testing would be a good idea for a desktop until Sarge becomes
> the stable branch of Debian? Would it be more secure to run Fedora Core
> 3 than Debian Testing? Would it be smart to use Debian Testing or
> Fedora Core 3 for a server? Which is more secure for both functions.
well, it always depends how hostile your environment is, and how much
time you invest into keeping it current. For boxes where you accept that
anybody who could login to a machine is also root (like I do for my
desktop machine here - who can physically access it _is_ root, and who
can't, cannot login), sarge is by far secure enough. If you follow
closely what happens, you can often take security updates from sid for
your sarge machine. But that requires time.
The other question is: What happens if an update to sarge screws up your
machine? The newer the distribution is, the more likely are problems.
Sarge should be pretty ok now, but one never knows.
So, this all is a "depends".
Cheers,
Andi
- hiding all hats he may have on -
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Reply to: