
Re: branding debian releases



s. keeling wrote:
>> So if you install backports, you introduce new releases of packages
>> and maybe libraries on your system which might contain serious bugs.
>> Compiling the source of some apps (to install to /usr/local) might
>> even fail because they need a newer libc6?
>
> Perhaps, yes.  But consider something as release sensitive as
> chkrootkit.  You do want to be as up to date as you can on something
> like that, no?  That's why I always get the tarball from
> chkrootkit.org (currently 0.43b?) instead of settling for stable's
> version (currently 0.35-1).  Considering this is Debian, perhaps
> stable's 0.35-1 has been patched with the latest fixes; I don't know.
> I just know I'm running the latest chkrootkit.

On a related note, I'm trying to understand the whole concept of
stable - unstable because in a few weeks' time I'm going to get the time
from my current company to install some test servers with Debian to
compare them to Windows. They will be running apache, tomcat, jboss
and OpenCMS. They will expect stability but also the newest versions
of the aforementioned software.
I want to take this chance to introduce Debian with both hands so I want
to know for sure what to install from what branch.
At home, I run unstable for my home server. I understand
that this is really no comparison with a company server but having
said that, I haven't really encountered a real show stopper bug in
unstable. Maybe because I do not really upgrade a lot.

It seems to me that if you have a server that only has 1 service
running, for instance serving webpages, then it could be possible to
run the unstable version of that package.
If you track the package and watch carefully for security issues, it
doesn't seem all that unsafe to me.
And definitely so if you jail the service.

So in such a case, couldn't you just manage with pinning and thus
tracking stable and only install 1 package from unstable or would this
trigger the install of a lot more programs due to dependencies?
I'm not even sure if having an unstable version of libc6 is so bad?
On the other hand, if the service you're installing doesn't need it,
then no need to install it of course.
In my case, where several services will be installed which will
be expected to be stable and bleeding edge, what is the most
appropriate way to proceed?

I just wonder if the versions of services that other distros provide
are also outdated or rather new compared to those of Debian stable?
(I can't tell since I have no real experience with other distros)
If those new versions are good enough for say Red Hat & SuSE,
wouldn't that imply that they are considered rather stable?

Regards,
Benedict




