
Re: Easy/Fast way to view a package's debian/changelog

On Mon, Aug 04, 2003 at 08:08:01PM -0500, Michael D. Schleif wrote:
> Also sprach Hugh Saunders (Tue 05 Aug 02003 at 01:25:45AM +0100):
> > erm, why not just run unstable?? mixed stable/testing/unstable looks
> > like a mess to me and probably doesn't help with getting security fixes
> > for stuff either.
> Exactly!  Since there are *no* un-stable security sources, I'd prefer to
> stick with stable/testing ;<

I think there might be a slight misunderstanding here.

Stable gets security updates, but, if you have a version of the package
in question from unstable installed, then the version in the stable
security update will be less than the installed one, and therefore won't
be installed.

Testing gets *no security updates* apart from those that trickle in from
unstable (or, very rarely, testing-proposed-updates). It is the least
secure distribution. This is mainly a manpower problem on Debian's end,
but it's nevertheless a reality.

While unstable has no security team explicitly looking after it, it
still gets security fixes, usually reasonably promptly, sometimes before
stable if the maintainer happens to be on the ball, and certainly before

In your place, I would go for either stable plus backported bits and
pieces or unstable, depending on the application. I think running mixed
systems is unwise, except perhaps for testing plus bits from unstable,
and even then I'm not sure. On my stable systems, the only
not-from-stable packages I run are ones which I have compiled on stable
from later source; this avoids the "whoops, I dragged in unstable's
libc6 and the world blew up" problem. The sorts of packages that you
most want to keep stable are often exactly the sorts of packages that
dependencies in testing and unstable will force you to upgrade.


Colin Watson                                  [cjwatson@flatline.org.uk]
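
The version-ordering point in the message above (a stable security update is skipped when the installed version sorts higher), as an added example that is not part of the original message. It implements Debian's epoch:upstream-revision ordering in Python; the package names and version strings are constructed for illustration.

```python
import re

def _order(c):
    """dpkg character weight: '~' sorts before everything, even end of string."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _split(s, pattern):
    return re.match(pattern + r"(.*)", s, re.S).groups()

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating non-digit/digit runs."""
    while a or b:
        na, a = _split(a, r"([^0-9]*)")
        nb, b = _split(b, r"([^0-9]*)")
        for k in range(max(len(na), len(nb))):
            oa, ob = _order(na[k:k + 1]), _order(nb[k:k + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        da, a = _split(a, r"([0-9]*)")
        db, b = _split(b, r"([0-9]*)")
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _parse(version):
    epoch, sep, rest = version.partition(":")      # epoch ends at the first ':'
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")  # revision follows the last '-'
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Return -1, 0 or 1 following Debian's epoch:upstream-revision ordering."""
    (e1, u1, r1), (e2, u2, r2) = _parse(v1), _parse(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def shadowed_updates(installed, security):
    """Packages whose security fix is skipped because the installed version sorts higher."""
    return sorted(p for p, fixed in security.items()
                  if p in installed and compare(installed[p], fixed) > 0)

# Constructed sample data: installed versions vs. versions offered by stable security.
INSTALLED = {"examplepkg-a": "1.4.2-3", "examplepkg-b": "2.0.1-5", "examplepkg-c": "1:0.9-1"}
SECURITY = {"examplepkg-a": "1.2.8-1stable2", "examplepkg-b": "2.0.1-5stable1", "examplepkg-c": "1.0-2stable1"}
```

Here `shadowed_updates(INSTALLED, SECURITY)` reports `examplepkg-a` (newer upstream version installed) and `examplepkg-c` (installed version carries an epoch), while `examplepkg-b` would receive its fix normally.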
