[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [backports & security]



* "Roberto C. Sanchez" <roberto@familiasanchez.net> [2006-06-01 16:33]:
> Felix C. Stegerman wrote:
> > 
> > I'm running unstable on my desktop (well, actually a laptop), so I'm
> > accustomed to the occasional breakage and could probably live with it.
> > 
> > I'm just reluctant to use unstable on a production server connected to
> > the internet, because I don't want to leave the server (potentially)
> > vulnerable.
> > 
> > If, however, security updates to unstable are reliable enough, I would
> > seriously consider using it (and test upgrades on my laptop first).
> > 
> > Would you say unstable is reliable enough to use on a production
> > server that can handle occasional downtime?  Without any unnecessary
> > risk of leaving it open to vulnerabilities?
> 
> Personally, I stick to stable servers since I don't have time to babysit
> them through frequent dist-upgrades.  If you need only a few more recent
> packages, then stable+backports is probably your best bet.  If you need
> lots of new packages, then unstable might work for you.  However, you
> must realize that many (nearly all) Debian developers are volunteers
> (i.e., their employers do not pay them to work on Debian full time) and
> so packages can fall behind upstream releases because the maintainer
> gets busy.
> 
> For a good example of this, see http://bugs.debian.org/src:cyrus-sasl2
> 
> The cyrus-sasl2 package is arguably a very important package.  However,
> it is now something like three or four minor versions behind upstream
> and has a ton of bugs.  That is not a good situation and the maintainer
> has recently orphaned it.  However, there is enough attention from other
> Debian developers that at least security issues are resolved.
> 
> I would be careful of using a server running on unstable that uses
> packages which have been orphaned, as those are generally the least
> likely to receive attention.

As I replied to Johannes Wiedersich, I've decided to go with stable
and do some backports myself.

Many thanks for your insights.



- Felix

-- 
Felix C. Stegerman <flx@obfusk.net>                  http://obfusk.net
~ "Any sufficiently advanced bug is indistinguishable from a feature."
~   -- R. Kulawiec
~ vim: set ft=mail tw=70 sw=2 sts=2 et:

Attachment: pgp08puuWZ6H3.pgp
Description: PGP signature


Reply to: