On Tue, Mar 04, 2003 at 05:02:10PM +0000, Colin Watson wrote:
> On Tue, Mar 04, 2003 at 11:32:34AM -0500, stan wrote:
> > On Tue, Mar 04, 2003 at 06:15:02AM -0800, Marc Wilson wrote:
> > > On Tue, Mar 04, 2003 at 08:37:02AM -0500, stan wrote:
> > > > I did apt-get update and apt-get dist-upgrade on some of my
> > > > machines running testing, and I was surprised to not [pull patched
> > > > sendmail binaries, based upon the announcement of a vulnerability
> > > > in it yesterday.
> > >
> > > Testing doesn't have security updates, and has never been advertised as
> > > having security updates. Are you volunteering?
> > >
> > > <sigh> Someone else running testing in a production environment.
> >
> > And my choices are?
> >
> > As I see them.
> >
> > 1. Run unstable, and have a broken system more often than not.
> > 2. Run stable and have 1970's versions of software/
>
> That's a hopeless exaggeration; I run stable happily on my home server.
> Anyway, if you run testing you need to manage the security yourself by
> backporting patches. I don't believe anyone will ever have told you
> otherwise.
>
> (It's not an ideal situation, true. However, it's reality.)
>
Not idael at all. As a matter of fact, it makes the whole concept of a
testing release pretty useless. Look:
13:58:15 up 249 days, 5:48, 1 user, load average: 0.35, 0.32, 0.36
root@phsepi1:~# cat /etc/debian_version
testing/unstable
This is a amchien providing production related process control information
in a paper mill. The uptime would be longer, but I had a bug in my software
that was generating zombies, and ahd to reboot to clean up that mess.
That's certainly "stab;e"enough for em. And it gets apt-get dist-upgraded
pretty much every weekday morning.
So, we have a pretty "stable" release good enough "IMHO" for "real
production" work. But we choose to cripple it by not providing security
updtaes?
Sounds like bad allocation of resources to me!