[plug] Debian Security Updates

Harry harrymc at decisions-and-designs.com.au
Thu Oct 7 23:36:10 WST 2004


On Thu, 07 Oct 2004 11:22:35 +0800 Tim White <weirdo at tigris.org> wrote:

> I'm running testing so my solution was to remove all servers but 
> security and then do an upgrade then place the other servers back in.
> Works fine. Is there a more elegant solution?

Um .. I think there are actually no solutions Tim.

As I understand the debian releases, testing does not have security
updates. Providing them is a discussion that comes around on the security
list periodically and fades away again.

More clued debianites can correct me but I thought the rationale goes
something like this:

When a problem is found in stable (woody atm) a patch is released into
the security server. By normal progression of unstable, the same
security patch flows into sid pretty promptly.

Because testing only sees patches flow in from sid if no major bugs
are reported for say (two weeks?) then testing either receives the
update several weeks later (before which an exploit is possible on
a testing server if it is exposed to the larger net) or _worse_ a bug
or dependency on other packages or some other reason may delay the
patch reaching testing for some time; leaving the machine
exploitable.

This is the argument for running either stable or hanging all
ten toes by running on the edge with unstable. All that said,
I'm about to go to testing RealSoonNow but with the above caveat.
Subscribe to debian security and keep an eye on what's going on.

Someone can correct me now I've typed all this :)

Harry

-- 
Are you a computer angel?	http://www.computerangels.org.au/


