david cuthbertson wrote:
Hi,

What am I to do with the bug reports I regularly receive from apt-listbugs when installing or upgrading Debian packages?

I installed Debian Sarge because I am a relative beginner and didn't want to worry about OS and application security issues. Now that I administer a Media-Wiki based site, security has become more important. I have just installed apt-listbugs and discovered lots of grave and critical bugs with many security critical packages such as sudo, ssh. I chose Debian Stable because I thought it would be just that.

Is there a *really* stable and secure Debian fork - suitable for users with only middling expertise?

Cheers, Dave
Yes, I think you are safe to consider Sarge a secure Debian fork (anyway, the unstable and especially the testing branches are more likely to have unfixed bugs, by design (latest-and-greatest simply has not had a lot of time of testing yet)).
There are two things I want to say on apt-listbugs:

1. You should read carefully what it says. Many times most of the printed reports are marked <done>, meaning the bug report has been flagged as fixed (which should mean the problem has been dealt with). I think you'll probably find there aren't many open bugs on the packages you just named.
2. Unfortunately, apt-listbugs seems to indicate many dead bug reports as open (some very dated, originating from some time before the Sarge release!). I have not investigated yet, but I'd like to hear if there is a way to filter out dated reports.
HTH, Joris