
Re: branding debian releases



Incoming from Benedict Verheyen:
> > If the user wants/needs newer software than stable provides,
> > the Debian system can accommodate that through the installation of
> > backports or even /usr/local.
> 
> That's something I personally don't understand. I'm not sure if I get this
> right but isn't the point of running stable on servers that the software
> has been thoroughly tested and that the code is compiled against a stable
> version of libc6?

Yes.

> So if you install backports, you introduce new releases of packages and
> maybe libraries on your system which might contain serious bugs. Compiling
> the source of some apps (to install to /usr/local) might even fail because
> they need a newer libc6?

Perhaps, yes.  But consider something as release sensitive as
chkrootkit.  You do want to be as up to date as you can on something
like that, no?  That's why I always get the tarball from
chkrootkit.org (currently 0.43b?) instead of settling for stable's
version (currently 0.35-1).  Considering this is Debian, perhaps
stable's 0.35-1 has been patched with the latest fixes; I don't know.
I just know I'm running the latest chkrootkit.

> Also with backports or locally compiled source packages, wouldn't you have
> to keep up with the security of the packages yourself? I mean checking if
> a serious bug (securitywise) has been found against the package that you
> have installed or compiled?

Yes.  See lists.debian.org and debian-security and debian-security-announce.

> Anyway, on making backports: it seems backports should totally avoid
> introducing a new libc6 and try to keep the number of new libs it needs to
> have installed to a minimum. It might be a daunting task I guess for some
> applications.

Backports being backports, they are not official Debian packages;
they're ports of software currently in testing or unstable, neither
of which is Debian stable.  If you determine you must have them, it's
up to you to take responsibility for them.  Talk to the backport
maintainers if you want to see what's going on with them.

There's nothing Debian could, or should do about this.  They're
already testing to hell and back in order to release stable.
Expecting them to sign off on backports as well, with no idea of what
else may be running on the same system at that time, is unrealistic at
best.

Welcome to Debian, Linux, Free/Open Source Software, etc., etc.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 