Re: Security of Debian Testing
On Sun, Jan 23, 2005 at 05:47:12PM +0000, Bob Hutchinson wrote:
> On Sunday 23 Jan 2005 12:04, Floris Bruynooghe wrote:
> > On Sun, Jan 23, 2005 at 11:14:28AM +0000, Bob Hutchinson wrote:
> > > On Sunday 23 Jan 2005 09:37, Anthony Simonelli wrote:
> > > > I realize that Debian Testing "Sarge" is not supported by the Security
> > > > Team and that it is the last branch of the Debian to receive updates.
> > >
> > > I run servers on both testing and stable and the security updates are the
> > > same on both, as they both come from the same place,
> > >
> > > deb http://security.debian.org/ stable/updates main contrib non-free
> >
> > Erm, afaik this line won't do anything on your testing
> > machines... Only packages witht the stable version number will
> > get uploaded into this archive. The apt system will not consider
> > these security updates as it has more recent versions of the
> > packages from you testing archive. That's whats meant with
> > "there's no security support for testing" I thought.
>
> hmmmm
> well, it is what the netinstall iso put into sources.list by default, I can
> see them come in, I can see the debs get installed and I can see them in the
> cache. Nuff said ;-)
Are many packages from
/var/lib/apt/lists/*security.debian.org*Packages actually
installed with _the same_ version as from that file? That would
surprise me.
> The iso I currently use is
> http://cdimage.debian.org/pub/cdimage-testing/sarge_d-i/i386/rc2/sarge-i386-netinst.iso
Fair enough, that should be sarge...
> By looking at datestamps on
> ftp.uk.debian.org/debian/dists/testing and dists/stable I can see that a
> great many packages in stable were updated on December 30, presumably from
> testing. But that is just presuming of course ;)
Debian 3.0r4 was realeased then. So that where all the security
packages that where moved into the stable archive. Not packages
from testing.
Cheers
Floris
--
Debian GNU/Linux -- The power of freedom
www.debian.org | www.gnu.org | www.kernel.org
Reply to: