On 2003.09.16, Stephen Frost <[EMAIL PROTECTED]> wrote: > > Is 3.6.1p2-3 vulnerable? For those of us who want security, must we > > downgrade to 3.4p1-1.1 or build from source after patching by hand? Or > > will this security fix be applied to sarge as well? > > There's at least a version on incoming.debian.org which has the version > for unstable. I don't know what to tell you about testing/sarge. I'm > sure it will be in before release but beyond that I've no idea when it > will make it into testing.
Eek. So, if we want to run secure systems, we either have to run unstable (and all the troubles that comes with) or stable? I find that "testing" is a good middle ground for a reasonably stable system but with reasonably up-to-date packages, so that's why I run it. Running "stable" involves hand-managing way too many packages that I do need more recent versions, and "unstable" involves way too many troubles if I apt-get update without carefully inspecting what's being updated, which I don't have the time for. :-( poop. Guess I'll go the deb-src route and hand-patch, I guess. Not what I wanted to do today ... ;-) -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70)
