On Wed, Nov 17, 2004 at 03:45:43PM -0500, Carl Fink wrote: > On Wed, Nov 17, 2004 at 01:22:44PM -0000, michael wrote: > > I initially went for 'stable' (woody) but it was too out of date for my > > Ethernet card & hard drive. I've now installed 'testing' (sarge) and have > > followed recommendations in the "Securing Debian Manual". However, I've > > been warned that there are no security updates for 'testing'. I also see > > hints on this list that 'sarge' is about to be the new 'stable' (although > > I'm unsure how & when!) from which I infer that there will soon be > > security updates for 'sarge'. Therefore, I think I'm as well staying with > > 'sarge' rather than moving to 'unstable' (sid), particularly in light of > > the above ''sed'' problem (as an example). > > Nobody knows when Sarge goes stable. Speculation was December. I'd > bet on March, if I were a betting man. It's all guesswork, though, > even the release manager can't (and shouldn't) give a date now. > > I recommend Sarge over Sid, but it's based on only one person's > experience with a couple of computers, so don't take it too > seriously. Because it's nearly-stable, Sarge is getting security > updates in a very timely fashion just now.
Why would you think that? First of all, the sarge security autobuilders are still not yet functional, which is the biggest thing holding back the release. Second of all, there are still many open security holes in testing: http://lists.alioth.debian.org/pipermail/secure-testing-team/2004-November/000000.html Based on data I've seen, testing typically has around 50-100 open security vulnerabilities at any time. That number is a little lower now because we're so close to release, but there are still around 30. -- For every sprinkle I find, I shall kill you! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
