On Mon, May 25, 2009 at 11:49:26AM -0700, john wrote: > Hi all, > > Perhaps this is a "it depends..." kind of question but here it goes: > > I manage several Debian boxes running Etch and Lenny. I installed > Debian because I want long term stability and support for the > applications > running on the servers. After I build a box and get my applications > tweaked I usually comment out everything except the security entries > like so: > > cat /etc/apt/sources.list > > #deb http://ftp.us.debian.org/debian/ etch main > #deb-src http://ftp.us.debian.org/debian/ etch main > > deb http://security.debian.org/ etch/updates main contrib > deb-src http://security.debian.org/ etch/updates main contrib > > The recent key-change forced me to use the main stable repos to get > the new keys (e.g apt-get install debian-archive-keyring ) > . and got me thinking... > > Is the approach I outlined the "best" way to maintain the security and > stability of these box's or should I really be using the main > repositories as well?
We maintain local mirrors of the main and security repos for the varieties of Debian we use (Etch and Lenny in i386 and AMD64 flavors) plus a local repo of our own packages. All this can be considered staging: we can pull from it for a test box, and if it goes well, move the package into our production repo. This costs a bit in disk space (but not so much as it once did!) and saves a bit in bandwidth, which is really pronounced as "works faster when we need it". -dsr- -- http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference. You can't defend freedom by getting rid of it. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
