On Wed, 13 Mar 2002, Patrick Hsieh wrote:

> Sometimes, you know, there'll be security advisory or update packages
> available, say openssh or libzip, and you need to immediately update
> your production machines to avoid known vulnerability. However, you
> can't just apt-get upgrade if you do not run the stable release.
>
> What method is recommended to keep the testing or unstable release
> update and free from security vulnerability?

Not sure I really understand your problem here, Patrick.

I do an apt-get -u dist-upgrade on my quarantine box every night to upgrade testing (I actually use a testing-specific sources.list rather than pinning), but either way will work for you.

If it's an urgent upgrade, do a very quick test on your quarantine box to ensure that nothing breaks; then an almost immediate upgrade of the appropriate packages to the production box.

[I also have the following line in my sources.list:

    deb http://security.debian.org/ stable/updates main contrib non-free
]

Whether you decide to run dodgy combinations of unstable/testing/stable packages to get round temporary security fixes is up to you. (I have done in the past; and got away with it. But I don't advise it.)

HTH
-- 
Martin Wheeler <[EMAIL PROTECTED]> gpg:1024D/01269BEB the.earth.li
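
The quarantine-then-production workflow described in the reply above, as an added example that is not part of the original message: a shell function reads the output of a simulated upgrade (`apt-get -s -u dist-upgrade`) and picks out the packages coming from the security archive, so that only those are carried over to production after the quick test. The sample output, the function names and the origin label `Debian-Security` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the security-archive upgrades seen in a simulated
# dist-upgrade on the quarantine box, then build the production command.

# Constructed sample of `apt-get -s -u dist-upgrade` output (versions and
# origin labels are made up for illustration).
SAMPLE_SIM_OUTPUT='Reading package lists...
The following packages will be upgraded:
  libzip4 openssh-client openssh-server
Inst openssh-client [1.0-1] (1.0-1+sec1 Debian-Security:10/stable [amd64])
Inst openssh-server [1.0-1] (1.0-1+sec1 Debian-Security:10/stable [amd64])
Inst libzip4 [1.0-1] (1.0-2 Debian:testing [amd64])
Conf openssh-client (1.0-1+sec1 Debian-Security:10/stable [amd64])
Conf openssh-server (1.0-1+sec1 Debian-Security:10/stable [amd64])
Conf libzip4 (1.0-2 Debian:testing [amd64])'

# security_upgrades [ORIGIN]: read simulation output on stdin and print
# "package new-version" for each Inst line whose origin contains ORIGIN
# (assumed default label: Debian-Security).
security_upgrades() {
    awk -v pat="${1:-Debian-Security}" '
        $1 == "Inst" {
            lp = index($0, "(")              # "(newversion origin [arch])"
            if (lp == 0) next
            rest = substr($0, lp + 1)
            rp = index(rest, ")")
            if (rp == 0) next
            rest = substr(rest, 1, rp - 1)
            if (split(rest, f, " ") < 2) next
            origins = substr(rest, length(f[1]) + 2)
            if (index(origins, pat) > 0) print $2, f[1]
        }'
}

# production_command [ORIGIN]: turn that list into the single command to
# run on production once the quarantine box has been checked.
production_command() {
    pkgs=$(security_upgrades "$1" | awk '{ printf "%s%s", sep, $1; sep = " " }')
    if [ -n "$pkgs" ]; then
        echo "apt-get install $pkgs"
    fi
}

printf '%s\n' "$SAMPLE_SIM_OUTPUT" | production_command
```

On a real quarantine box the input would come from `apt-get -s -u dist-upgrade | security_upgrades`, with the origin pattern adjusted to whatever label the simulation prints for the security archive.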