Re: Clarification concerning security of testing on a laptop

I'm not sure where you got this idea. Testing does not get security
updates like Stable does, but I don't believe I would categorize the
running of Testing as "horrendously insecure".

First up, I'm running testing on my laptop & want some clarification
regarding how secure this is. I know it is not monitored in any way for
security problems & as such security problems are not fixed on it -
however stable is no good to me since my laptop won't boot any 2.4
kernels, and I like/need to use fairly up-to-date software.

What I don't understand is why it is so horrendously insecure to run

Assuming the fix makes it into the next version that gets into Testing,
that's pretty much correct.

- as I understand it when a vulnerability is found, a new
version of the program is normally released which fixes the problem.
This new version is built by the debian team & put into unstable and
then after a bit (do I remember reading somewhere that it used to take
10 days but is now more like 2?) migrates into testing. Surely that
means the longest you're likely to be vulnerable is 10 days?

My personal opinion? Skip Testing and go straight to Sid. You have more
chance of breakage (although it's been very rare in my experience (about
3 years now)), but said breakage also tends to get fixed within hours
instead of 10 days. Same for vulnerabilities. As soon as a vulnerability
is found, if the developer/maintainer of that package is on the ball,
the fix will be in Sid very quickly, perhaps even before it makes it
into Stable. You also get newer toys to play with.

I appreciate this is useless for a server, and you've no recourse if you
then get hacked as a result of running vulnerable software, but I don't
see that it is a matter of being totally vulnerable. Surely it's a
matter of being vulnerable for a few days longer than if you were running
stable - something that I would be willing to live with if it let me run
debian on my laptop with up-to-date software.