Re: [backports & security]
Felix C. Stegerman wrote:
> Do you know what would be the best way to make sure I don't miss any
> of those updates? If I backport e.g. mysql from unstable/testing,
> will I be able to rely on security announcements to debian-security,
> or do I need to check for new vulnerabilities upstream?
Just looking up http://www.de.debian.org/security/faq
"Security breakage in the stable distribution warrants a package on
security.debian.org. Anything else does not."
"Q: How is security handled for testing and unstable?
A: The short answer is: it's not. Testing and unstable are rapidly
moving targets and the security team does not have the resources needed
to properly support those. If you want to have a secure (and stable)
server you are strongly encouraged to stay with stable. However, work is
in progress to change this, with the formation of a testing security
team which has begun work to offer security support for testing, and to
some extent, for unstable."
If security and reliability are important, I'd stick to stable. Period.
It's always a difficult decision between 'I'd rather have xxx' and
security. If reliability is important, I would rather stick to stable,
I'm more concerned about security than reliability. I can handle
occasional downtime if something breaks, but I'd rather avoid my
system being compromised.
I meant to write "reliability AND security".
About 'occasional downtime': If it's a server that is supposed to be
online 12 months per year, you should also consider the implications of
downtime while you are on vacation or have other important things to do ;-)