
Re: Easy/Fast way to view a package's debian/changelog

Also sprach Colin Watson (Tue 05 Aug 02003 at 02:24:39AM +0100):
> On Mon, Aug 04, 2003 at 08:08:01PM -0500, Michael D. Schleif wrote:
> > Also sprach Hugh Saunders (Tue 05 Aug 02003 at 01:25:45AM +0100):
> > > erm, why not just run unstable?? mixed stable/testing/unstable looks
> > > like a mess to me and probably doesn't help with getting security fixes
> > > for stuff either.
> > 
> > Exactly!  Since there are *no* un-stable security sources, I'd prefer to
> > stick with stable/testing ;<
>
> I think there might be a slight misunderstanding here.
>
> Stable gets security updates, but, if you have a version of the package
> in question from unstable installed, then the version in the stable
> security update will be less than the installed one, and therefore won't
> be installed.
>
> Testing gets *no security updates* apart from those that trickle in from
> unstable (or, very rarely, testing-proposed-updates). It is the least
> secure distribution. This is mainly a manpower problem on Debian's end,
> but it's nevertheless a reality.
>
> While unstable has no security team explicitly looking after it, it
> still gets security fixes, usually reasonably promptly, sometimes before
> stable if the maintainer happens to be on the ball, and certainly before
> testing.
>
> In your place, I would go for either stable plus backported bits and
> pieces or unstable, depending on the application. I think running mixed
> systems is unwise, except perhaps for testing plus bits from unstable,
> and even then I'm not sure. On my stable systems, the only
> not-from-stable packages I run are ones which I have compiled on stable
> from later source; this avoids the "whoops, I dragged in unstable's
> libc6 and the world blew up" problem. The sorts of packages that you
> most want to keep stable are often exactly the sorts of packages that
> dependencies in testing and unstable will force you to upgrade.

I really do want to understand this, because lately I'm being drawn more
and more into unstable.  A couple months ago, I was drawn from
woody/stable into testing, and now my boxen are mostly testing:

   apt.conf: APT::Default-Release    "testing";

Nevertheless, empirically I know that these are valid sources:

   deb http://security.debian.org stable/updates contrib main non-free
   deb http://security.debian.org testing/updates contrib main non-free

And, this is *NOT* valid:

   deb http://security.debian.org unstable/updates contrib main non-free

Please, correct my misunderstandings, Colin; but, what I understand from
your message above is that, regardless of an unstable security source,
my boxen would be better off as totally, wholly un-stable?

What am I missing?

Best Regards,

mds resource
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
