
Re: Is it secure to use testing/backport repos for production server?



In <20090416152722.GA23973@greedo>, Michael Pobega wrote:
>On Thu, Apr 16, 2009 at 09:50:46PM +0700, Sthu Deus wrote:
>> Is it secure to use testing/backport repos for production server?
>Realistically, the most 'secure' choice would be to use stable with
>backports,

No, it would be stable plus security.

>but most things are still outdated.

They are stable (i.e. mostly unchanging) throughout the release cycle, yes.

>And for a production
>environment you need up-to-date software;

Not really.  You need the software to have security bugs fixed and have 
critical bugs that affect you addressed, both of which are done with stable.  
Sometimes you may want to pull individual packages from 
stable-proposed-updates, if one of the fixed release critical bugs affects 
you and you don't want to wait for the release to be updated.

You may want to pull select packages from testing or unstable or even 
experimental, if you need features that were not in the latest release.  
However, you may need to invest more effort in supporting those packages 
yourself.

I recommend stable+security+volatile for production servers.  If you need 
newer versions than are in stable, then I recommend a mixed system: pin 
stable+security+volatile at priority 900.  Then until you have the package 
version you need, add, in order:
backports at priority 800
testing+security[1] at priority 700
backports/testing (usually empty, if available at all) at priority 600
unstable at priority 500
experimental at priority 300
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

[1] I'd like to say testing+security+volatile, but last time I checked the 
Release file for testing/volatile incorrectly claimed to be "stable", which 
caused pinning problems.
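
The pinning problem described in footnote [1], as an added example that is not part of the original message: a small audit that compares the suite a repository is configured under with the Suite its Release file declares, and reports where an archive pin (`Pin: release a=<suite>`) would assign a different priority than intended. The repository names and Release values are constructed sample data, the function names are hypothetical, and the pin list covers only the archive-based priorities from the message.

```python
# Added example: models APT's rule that the first matching general-form pin
# record decides a version's priority. All data below is constructed.

DEFAULT_PRIORITY = 500  # APT's priority for versions that no pin record matches

# Pins in /etc/apt/preferences order, each standing for:
#   Package: *
#   Pin: release a=<archive>
#   Pin-Priority: <priority>
PINS = [
    ("stable", 900),
    ("testing", 700),
    ("unstable", 500),
    ("experimental", 300),
]

# "configured": suite named on the sources.list line.
# "declared":   Suite/Archive field in the Release file that repo serves.
SOURCES = [
    {"name": "stable/main", "configured": "stable", "declared": "stable"},
    {"name": "stable/volatile", "configured": "stable", "declared": "stable"},
    {"name": "testing/main", "configured": "testing", "declared": "testing"},
    # The case from the footnote: Release file claims to be "stable".
    {"name": "testing/volatile", "configured": "testing", "declared": "stable"},
    {"name": "unstable/main", "configured": "unstable", "declared": "unstable"},
]


def pin_priority(suite, pins=PINS):
    """Priority of the first pin whose archive equals the given suite."""
    for archive, priority in pins:
        if archive == suite:
            return priority
    return DEFAULT_PRIORITY


def audit(sources, pins=PINS):
    """Return (name, intended, effective) for every misrouted source."""
    findings = []
    for src in sources:
        intended = pin_priority(src["configured"], pins)   # what the admin expects
        effective = pin_priority(src["declared"], pins)    # what APT matches on
        if intended != effective:
            findings.append((src["name"], intended, effective))
    return findings


if __name__ == "__main__":
    for name, intended, effective in audit(SOURCES):
        print(f"{name}: intended priority {intended}, effective {effective}")
```

On a live system, `apt-cache policy` prints the priority APT actually assigned to each source, which is the value to compare against the intended one.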
