Well, the version number of sendmail in stable (just one example) seems to be pretty old - 8.12.3. There are known exploits (buffer overflows, etc.) against that version. The version in testing, 8.13.1, is much newer. Similar thing with mod-ssl, 2.8.9 vs. 2.8.20. I know a lot of security fixes do make it into woody pretty quickly, but these are two examples of key services that do not appear to be current.

Joe

-----Original Message-----
From: John Hasler [mailto:[EMAIL PROTECTED]
Sent: Friday, October 29, 2004 11:08 AM
To: debian-user
Subject: Re: faq on choosing a debian distribution - draft 1

Joe writes:
> I do not think stable is necessarily the best if you are very concerned
> about security. Packages with recent security fixes can take time to
> make it into stable.

Stable gets backported security fixes very promptly.
--
John Hasler

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]