Re: apt-listbugs and security

[amacater@galactic.demon.co.uk (Andrew M.A. Cater)]

On Thu, Jan 12, 2006 at 09:25:24AM +0100, Mauro Sanna wrote:
> > I'm not trying to discourage you from using Debian, it's great, but
> > you may want to look at the next release of Ubuntu Server, which will
> > have security support for five years.
> 
> But using debian sarge for servers is secure or not?
> 
Using Debian is as secure as using any other Linux. Debian has an
active security team and fixes bugs. Your degree of risk depends
on what services you run and on how you configure your servers.
If your services are open to others - e.g. selling web hosting -
your risk increases to how insecure they are :(

The next release of Ubuntu Server, which is scheduled to have
five years security support, isn't due out until October.
Debian "stable" / Sarge shuld be fine for most purposes -
_you_ need to assess _your_ risk, look at the applications you're
running and, potentially, screen apt-listbugs and similar output
to see what affects you.

Read a security related mailing list if it will help: the RISKS Forum
digest (Google for it) is quite useful.

HTH,

Andy