
Clarification concerning security of testing on a laptop


I know these types of questions are asked a lot but there's a couple of
things I don't get & I haven't been able to find an answer using Google
or searching the message archives.

First up, I'm running testing on my laptop & want some clarification
regarding how secure this is.  I know it is not monitored in any way for
security problems & as such security problems are not fixed on it -
however stable is no good to me since my laptop won't boot any 2.4
kernels, and I like/need to use fairly up-to-date software.

What I don't understand is why it is so horrendously insecure to run
testing - as I understand it when a vulnerability is found, a new
version of the program is normally released which fixes the problem.
This new version is built by the Debian team & put into unstable and
then after a bit (do I remember reading somewhere that it used to take
10 days but is now more like 2?) migrates into testing.  Surely that
means the longest you're likely to be vulnerable is 10 days?

I appreciate this is useless for a server, and you've no recourse if you
then get hacked as a result of running vulnerable software, but I don't
see that it is a matter of being totally vulnerable.  Surely it's a
matter of being vulnerable for a few days longer than if you were running
stable - something that I would be willing to live with if it let me run
Debian on my laptop with up-to-date software.

Thanks for any clarification or thoughts!
