* "Roberto C. Sanchez" <roberto@familiasanchez.net> [2006-06-01 16:33]: > Felix C. Stegerman wrote: > > > > I'm running unstable on my desktop (well, actually a laptop), so I'm > > accustomed to the occasional breakage and could probably live with it. > > > > I'm just reluctant to use unstable on a production server connected to > > the internet, because I don't want to leave the server (potentially) > > vulnerable. > > > > If, however, security updates to unstable are reliable enough, I would > > seriously consider using it (and test upgrades on my laptop first). > > > > Would you say unstable is reliable enough to use on a production > > server that can handle occasional downtime? Without any unnecessary > > risk of leaving it open to vulnerabilities? > > Personally, I stick to stable servers since I don't have time to babysit > them through frequent dist-upgrades. If you need only a few more recent > packages, then stable+backports is probably your best bet. If you need > lots of new packages, then unstable might work for you. However, you > must realize that many (nearly all) Debian developers are volunteers > (i.e., their employers do not pay them to work on Debian full time) and > so packages can fall behind upstream releases because the maintainer > gets busy. > > For a good example of this, see http://bugs.debian.org/src:cyrus-sasl2 > > The cyrus-sasl2 package is arguably a very important package. However, > it is now something like three or four minor versions behind upstream > and has a ton of bugs. That is not a good situation and the maintainer > has recently orphaned it. However, there is enough attention from other > Debian developers that at least security issues are resolved. > > I would be careful of using a server running on unstable that uses > packages which have been orphaned, as those are generally the least > likely to receive attention. As I replied to Johannes Wiedersich, I've decided to go with stable and do some backports myself. Many thanks for your insights. - Felix -- Felix C. Stegerman <flx@obfusk.net> http://obfusk.net ~ "Any sufficiently advanced bug is indistinguishable from a feature." ~ -- R. Kulawiec ~ vim: set ft=mail tw=70 sw=2 sts=2 et:
Attachment:
pgpiq55MZVtWs.pgp
Description: PGP signature