Re: [backports & security]

To: debian-user@lists.debian.org
Subject: Re: [backports & security]
From: "Felix C. Stegerman" <flx@obfusk.net>
Date: Sun, 4 Jun 2006 17:27:17 +0200
Message-id: <[🔎] 20060604152717.GB5474@flx.demon.nl>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 447EFAAA.8040007@familiasanchez.net>
References: <20060601043321.GA5381@flx.demon.nl> <20060601064111.GA27488@abcreek.wisequackranch.com> <[🔎] 20060601065847.GB4988@flx.demon.nl> <[🔎] 447EE4CC.8020803@familiasanchez.net> <[🔎] 20060601140613.GC5559@flx.demon.nl> <[🔎] 447EFAAA.8040007@familiasanchez.net>

* "Roberto C. Sanchez" <roberto@familiasanchez.net> [2006-06-01 16:33]:
> Felix C. Stegerman wrote:
> > 
> > I'm running unstable on my desktop (well, actually a laptop), so I'm
> > accustomed to the occasional breakage and could probably live with it.
> > 
> > I'm just reluctant to use unstable on a production server connected to
> > the internet, because I don't want to leave the server (potentially)
> > vulnerable.
> > 
> > If, however, security updates to unstable are reliable enough, I would
> > seriously consider using it (and test upgrades on my laptop first).
> > 
> > Would you say unstable is reliable enough to use on a production
> > server that can handle occasional downtime?  Without any unnecessary
> > risk of leaving it open to vulnerabilities?
> 
> Personally, I stick to stable servers since I don't have time to babysit
> them through frequent dist-upgrades.  If you need only a few more recent
> packages, then stable+backports is probably your best bet.  If you need
> lots of new packages, then unstable might work for you.  However, you
> must realize that many (nearly all) Debian developers are volunteers
> (i.e., their employers do not pay them to work on Debian full time) and
> so packages can fall behind upstream releases because the maintainer
> gets busy.
> 
> For a good example of this, see http://bugs.debian.org/src:cyrus-sasl2
> 
> The cyrus-sasl2 package is arguably a very important package.  However,
> it is now something like three or four minor versions behind upstream
> and has a ton of bugs.  That is not a good situation and the maintainer
> has recently orphaned it.  However, there is enough attention from other
> Debian developers that at least security issues are resolved.
> 
> I would be careful of using a server running on unstable that uses
> packages which have been orphaned, as those are generally the least
> likely to receive attention.

As I replied to Johannes Wiedersich, I've decided to go with stable
and do some backports myself.

Many thanks for your insights.



- Felix

-- 
Felix C. Stegerman <flx@obfusk.net>                  http://obfusk.net
~ "Any sufficiently advanced bug is indistinguishable from a feature."
~   -- R. Kulawiec
~ vim: set ft=mail tw=70 sw=2 sts=2 et:

Attachment: pgpiq55MZVtWs.pgp
Description: PGP signature

Reply to:

References:
- Re: [backports & security]
  - From: "Felix C. Stegerman" <flx@obfusk.net>
- Re: [backports & security]
  - From: "Roberto C. Sanchez" <roberto@familiasanchez.net>
- Re: [backports & security]
  - From: "Felix C. Stegerman" <flx@obfusk.net>
- Re: [backports & security]
  - From: "Roberto C. Sanchez" <roberto@familiasanchez.net>

Prev by Date: Re: [backports & security]
Next by Date: Re: is it a bad idea to use unstable on a server ?
Previous by thread: Re: [backports & security]
Next by thread: Re: [backports & security]
Index(es):
- Date
- Thread