Andrea Glorioso ([EMAIL PROTECTED]) wrote on 11 February 2001 11:07: >>>>>> "Laz" == Lazarus Long <[EMAIL PROTECTED]> writes: > > Laz> Something seems "not quite right" with choosing > Laz> woody/testing, as "safer" than sid. > >If you want security, stick with potato. Bleeding-edge software (or >near bleeding-edge software) rarely can give you the kind of >security assurance that you need if you put a security.debian.org >line in your /etc/apt/sources.list.
But it would if security patches were incorporated in testing as well. So I agree with Laz that it's a design bug. Note that we're talking about security-relevant packages, which are a small portion of the total. A question: with the change to the pool directories, is testing on the new scheme or only unstable? Another IMPORTANT question, how can it be that packages have newer versions in testing than unstable, eg. man-db???? I'm really lost with all of this. I usually upgrade using dftp, configured to look at dists/woody/main, dists/woody/contrib, dists/woody/non-free from ftp.us.debian.org. I recently tried to use apt via dselect, and it gets older versions of packages!! It reports many "obsolete" installed packages because the versions it gets are older than the installed ones :-( It's not a config problem in apt, I checked it looking at the Packages file with the browser... I'm sending this to the sec list because it has security implications, eg. the man-db affair.
