
Re: Woody vs. Sarge vs. You've heard this before ;-)



"Keith G. Murphy" <keithmur@mindspring.com> wrote:
> Aaron wrote:
>
> >
> > I don't want the hassle of running a hybrid Woody/Sarge system, just
> > because I'm too lazy to deal with the dependencies, but I don't mind a
> > few bugs in exchange for a more recent version of KDE/gAIM/whatever.
> >
> One disadvantage of moving away from stable is that you don't have the
> security updates available anymore.  Of course, this probably doesn't
> matter much if you're on a single family PC with no open ports to the
> Internet.
>

When I asked about security, I was told that if bugfixes, including
security updates, are implemented upstream, they would appear in
unstable much sooner than they would in testing.

My conclusion from that was that yes, I will not be getting security
updates from the Debian security team in stable, but I would be getting
the security updates in the form of normal updates to unstable much sooner
than I am going to see them in testing. At any rate, I choose to keep
unstable behind an iptables firewall and NAT gateway running stable.

> But what I do on my home PC is run stable (with security updates) plus
> selective updates from some of the 3rd-party Woody backport sources from
> apt-get.org.  Then, I just keep an eye on new security updates; if one
> cropped up on a package I drew from a 3rd party source, I'd have to
> figure out if the 3rd-party packager had incorporated the update, and
> what I needed to do if he didn't.
>
> I can't stand behind any of the packages from apt-get.org, but I'd be
> very surprised if, say, Adrian Bunk's packages were not of extremely
> high quality.
>
> I do notice there's some KDE there, but I can't tell if they're Woody
> backports.
>
> Happy hunting!
>

I haven't gotten into apt-get.org, though it is often suggested. You have
expressed the same issue I have imagined would be the case if I used
apt-get.org, just as I had using 3rd party RPMs for say mod_frontpage.
Security updates aren't released by the 'official security team', and may
not be as timely. On the other hand, the person making the 3rd party
packages _if_ they are still active and not on vacation or sick or something
would likely be re-compiling and back-porting the package for themselves.

Where are they back-porting the fix from? If it's unstable, didn't the guys
running unstable already get this fix? I guess if it's from experimental or
the upstream maintainer or developers then a stable backport might outpace
an unstable update.

The stable backports sound like a good way to go, especially if
you only want the latest update of a package or two, instead of everything.
For my desktop system, running unstable seems to be the thing to do;
running testing wasn't.


