
Re: Security of Debian Testing



On Sunday 23 Jan 2005 09:37, Anthony Simonelli wrote:
> I realize that Debian Testing "Sarge" is not supported by the Security
> Team and that it is the last branch of the Debian to receive updates.

I run servers on both testing and stable and the security updates are the same 
on both, as they both come from the same place,

deb http://security.debian.org/ stable/updates main contrib non-free

> Though I am tempted to use it as a production server (Squid & Postfix)
> because of its cutting edge of software as compared to Woody, I realize
> that it is not stable and there may be potentially major problems with
> security and compatibility of packages.

As far as the stability and compatibility of packages of the testing branch 
goes I have no complaints; there was a minor glitch some time ago with the 
upgrading of gcc, one package got left behind (on Friday night) and I could 
not compile that particular weekend, the glitch was sorted on the Monday. I 
can live with that, everyone needs some time off.

Try and get that kind of promptness from proprietary s'ware!
"It's not a bug it's a feature"

I also use Debian testing as my desktop and it is more stable than stable 
branch to be honest and certainly has more functionality, not to mention more 
drivers for nic, sound and graphics cards. I had some problems with sound 
initially (trying to get Skype to work) but those sorted themselves out a few 
weeks later in a flurry of updates.

Personally I steer clear of the 2.6.x kernel and am sticking with 2.4.x until 
the dust settles, but plenty of others are using it successfully.

>
> As a desktop, I currently run Fedora Core 3 but I was wondering if
> Debian Testing would be a good idea for a desktop until Sarge becomes
> the stable branch of Debian?  Would it be more secure to run Fedora Core
> 3 than Debian Testing?  Would it be smart to use Debian Testing or
> Fedora Core 3 for a server?  Which is more secure for both functions.

Debian's default install has always been tighter than RH, and Debian has 
consistently made security patches available well before they have appeared 
on RH's paid-for updates. I doubt that Fedora core gets them as quickly.

A friend of mine recently installed Debian on a brand new Dell Poweredge and 
it stumbled on the nic card, he put in a bug report, it was fixed and in the 
CVS the next day, now that is 'on the case'.

If what you need is ease of installation, a windowsish frontend and no techie 
knowhow try Xandros, it is not expensive and very slick, with Debian under 
the bonnet, so you get all the security updates same as stock Debian.

>
> I know that no one can officially answer my questions but I would just
> like people's opinions.  I'm still quite a newbie but there are plenty
> of documents on the web for hardening Linux in general.

If what you need is a 'hardened' machine, go for one of the BSDs but you will 
have to roll up your sleeves and RTM, not for the faint-hearted and very 
minimalist.

HTH
-- 
-----------------
Bob Hutchinson
Midwales dot com
-----------------


