Security under testing/unstable
Hi All,
I'm certain this question has been asked over and over again here. My
apologies if I'm asking something blatantly obvious.
I really like stable. It's old, but it's secure. Unfortunately, stable is
showing its age lately, and many packages I need are just not there. This
forces me to move some of my servers to testing or unstable.
The problem with this approach is that I lose for good the beauty of "apt-get
upgrade". My idea is to upgrade *only* the packages that have security
issues. Naturally, apt-get has a different idea and will upgrade any
package with a higher version number, which may lead to different behavior
in production servers. The solution I have at the moment is to monitor
debian-security and manually upgrade the packages I need.
I'm looking for alternatives to my problem. One option is a program that
scans the security reports and generates a list of "insecure" packages
installed in the system. This would be fairly easy to code if debian-security
had a machine-readable list of compromised packages and the version fixing
the hole.
I'd really like to know how other people manage security outside stable.
Regards,
Paga
--
Marco Paganini | UNIX / Linux / Networking
paganini@paganini.net | PGP: http://www.paganini.net/pgp/
http://www.paganini.net | Magnus Frater te spectat...
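
The scanner idea in the post above, as an added example that is not part of the original message: it compares installed versions against a list of fixed versions using Debian's version ordering (epoch, upstream, revision, with `~` sorting first). The advisory list format, the advisory IDs and the package names are constructed assumptions; the installed list is assumed to be "package version" pairs such as `dpkg-query -W` prints.

```python
import re

def _order(c):
    # dpkg ordering: '~' sorts before everything (even end of string),
    # letters sort before other punctuation.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(s):
    # Alternate non-digit and digit runs; 0 marks the end of a non-digit run.
    return tuple(([_order(c) for c in text] + [0], int(num or 0))
                 for text, num in re.findall(r"([^0-9]*)([0-9]*)", s))

def version_key(v):
    """Sort key following Debian's [epoch:]upstream[-revision] ordering."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # absent revision is equivalent to 0
    return (int(epoch), _part_key(upstream), _part_key(revision))

def needs_upgrade(installed_text, advisories_text):
    """Return (package, installed, fixed, advisory) for versions below the fix."""
    installed = dict(l.split() for l in installed_text.splitlines() if l.strip())
    findings = []
    for line in advisories_text.splitlines():
        if not line.strip():
            continue
        advisory, pkg, fixed = line.split()
        have = installed.get(pkg)
        if have is not None and version_key(have) < version_key(fixed):
            findings.append((pkg, have, fixed, advisory))
    return findings

# Constructed sample data (hypothetical packages, versions and advisory IDs).
INSTALLED = """libexample1 1.2.3-4
exampled 2:0.9.8~rc1-1
sampletool 3.0-2+b1
"""
ADVISORIES = """EXAMPLE-0001 libexample1 1.2.3-4+deb1
EXAMPLE-0002 exampled 2:0.9.8-1
EXAMPLE-0003 sampletool 3.0-2
EXAMPLE-0004 notinstalled 1.0-1
"""

if __name__ == "__main__":
    for pkg, have, fixed, advisory in needs_upgrade(INSTALLED, ADVISORIES):
        print(f"{pkg}: {have} < {fixed} ({advisory})")
```

Upgrading only the packages this reports keeps every other package at its current version, which is the behavior the post asks for.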