Re: Debian sarge and production servers is it ready on 12/26/2004?

[Brian Nelson <pyro@debian.org>]

On Mon, Dec 27, 2004 at 12:54:01AM -0500, Mitchell Laks wrote:
> On Monday 27 December 2004 12:32 am, Roberto Sanchez wrote:
> > I think the issue is that packages are not directly uploaded to testing.
> > So it is possible to have version X of package A installed in testing.
> >...
> > If a serious or grave bug is filed, the package simply will not make it
> > into testing.  Likewise, if the package fails to build for *any* of
> > the supported Debian architectures, it will not go into testing (unless
> > it as architecture specific package, like a kernel).  You could
> > potentially be running insecure software for an indefinite period of
> > time.
> >...
> > team.  Thus, updates will be made as quickly as feasible.  You simply do
> > not have this guarantee with unstable or testing (except when testing
> > gets security team support in preparation for release).
> 
> Thank you so much Roberto for you  clarification of the process. I wonder,  as 
> we get closer and closer to a sarge release, will using Sarge become less 
> risky? I see for instance that Stanford University has begun using some 
> debian sarge servers (1). Will there be major structual revisions before 
> sarge release, or are we getting more and more settled structurally?
> Mitchell  
> (1) http://www.eyrie.org/~eagle/writing/debian-server.html

Until sarge gets security support, it's utterly unfit for any "server"
use.  Really it shouldn't be used on any system that goes anywhere near
the internet.

-- 
For every sprinkle I find, I shall kill you!