[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to keep debian current??

Hi,

On Tue, May 18, 2010 at 12:11:20PM -0400, John A. Sullivan III wrote:
> On Wed, 2010-05-19 at 00:34 +0900, Osamu Aoki wrote:
> > On Mon, May 17, 2010 at 11:07:10AM -0500, Mark Allums wrote:
> > > On 5/17/2010 10:43 AM, Andrei Popescu wrote:
> > > >On Mon,17.May.10, 10:29:57, Mark Allums wrote:
> > > >
> > > >>Backwards.  Sid gets no security, AT ALL.  Testing get some.
> > > >
> > > >If some issue is fixed for stable the fix is also applied for unstable,
> > > >unless the maintainer is unresponsive or so. In practice this means that
> > > >unstable can be in better shape then testing at times.
> > > >
> > > >Regards,
> > > >Andrei
> > >  
> > > Thank you.  This is contrary to what the main Debian site says in
> > > multiple places, but it is plausible.  Good to know.
> > 
> > Could you be more specific where you saw them or where you got this
> > impression?  So we can make corrective action to reduce confusion.
> > 
> > (Sid gets no corresponding "security" repository like
> > stable/updates nor testing/updates because we can upload directly to it
> > any time.)
> > 
> > I am thinking to add text to Debian reference to reduce such confusion.
> > 
> > Now:
> > If "sid" is used in the above example instead of "lenny", the "deb:
> > http://security.debian.org/ …" line for security updates in the
> > "/etc/apt/sources.list" is not required. Security updates are only
> > available for stable and testing (i.e., lenny and squeeze).
> > 
> > (I should have explained better.)
> > 
> > New:
> > If "sid" is used in the above example instead of "lenny", the "deb:
> > http://security.debian.org/ …" line for security updates in the
> > "/etc/apt/sources.list" is not required. This is because "sid"
> > (unstable) is always updated whenever security issues are fixed.  There
> > is no need to have a separate security update archive for "sid".
> <snip>
> Hmm . . . to someone not more familiar with Debian practices, the new
> version seems more confusing. 

????

>  I would read that and think that Sid is
> very secure because it always has the latest security fixes.  

Yes, that what I mean.  This is true.

>  If that's
> not what we mean, then perhaps the current version needs only slight
> revision for clarity, e.g.,

English improvement welcome along the reality.

Sid is secure since security team usually upload fixed packages to both
stable/updates and unstable. (Or simply uploading updated upstream fixes
unstable whilr stable needs DD to fix by a special patch.) 

They tries or trying to do the same for testing but resource limitation
is holding them back.
Reply to: