Felix C. Stegerman wrote: > > I'm running unstable on my desktop (well, actually a laptop), so I'm > accustomed to the occasional breakage and could probably live with it. > > I'm just reluctant to use unstable on a production server connected to > the internet, because I don't want to leave the server (potentially) > vulnerable. > > If, however, security updates to unstable are reliable enough, I would > seriously consider using it (and test upgrades on my laptop first). > > Would you say unstable is reliable enough to use on a production > server that can handle occasional downtime? Without any unnecessary > risk of leaving it open to vulnerabilities? Personally, I stick to stable servers since I don't have time to babysit them through frequent dist-upgrades. If you need only a few more recent packages, then stable+backports is probably your best bet. If you need lots of new packages, then unstable might work for you. However, you must realize that many (nearly all) Debian developers are volunteers (i.e., their employers do not pay them to work on Debian full time) and so packages can fall behind upstream releases because the maintainer gets busy. For a good example of this, see http://bugs.debian.org/src:cyrus-sasl2 The cyrus-sasl2 package is arguably a very important package. However, it is now something like three or four minor versions behind upstream and has a ton of bugs. That is not a good situation and the maintainer has recently orphaned it. However, there is enough attention from other Debian developers that at least security issues are resolved. I would be careful of using a server running on unstable that uses packages which have been orphaned, as those are generally the least likely to receive attention. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto
Attachment:
signature.asc
Description: OpenPGP digital signature