* Lars Wirzenius <liw@iki.fi> [2003-01-31 14:11]:
> Given that many people interpret this as meaning "a stable version of
> unstable" I think it would be good to add some words about the security
> risk involved when running testing. Perhaps something like this:
>
> Testing does not get security updates in a timely manner. It is not
> a good idea to use testing if security is an issue (e.g., if the
> machine is connected to the Internet).
It is not a good idea to use anything else than stable if security is
an issue. That is what is always said. There is even the security faq
which is linked in _ever_ DSA that we send out:
<http://www.debian.org/security/faq> -- especiall the following entry:
<http://www.debian.org/security/faq#testing>
If people don't read the DSAs why do you think they would read it on a
different location?
> It was a bit of a surprise to me when the security issue was pointed
> out, even though I should've known better. I have the impression that
> this is a common mistake, so it makes sense to point it out more
> prominently.
Do you think the releases pages are more prominently than the
security-faq? At least it might do no harm to add it. But it should
also be added to the unstable page as like.
> (Descriptions of testing may occur on other places as well, but I was
> too lazy to search, since I assume the web page developers can easily do
> a recursive grep.)
I don't see much sense to add it anywhere, that doesn't really help. It
would just bloat all those pages and lead to people not reading even
more because they are slaped by the size of that pages.
But that's just my thoughts, you know.
Alfie
--
[It is] best to confuse only one issue at a time.
-- K&R
Attachment:
pgpDEyzQvkW5m.pgp
Description: PGP signature