Tim said:
If you think testing or unstable is suitable for production systems you are one of
1. an idiot
2. have very limited needs/no experience
3. talking out of your ass
4. have no concept of what it means to be responsible for others' work
Even Sarge? I need something more up to date than woody, for my postgresql and need the integration that sarge provides, vs backports + woody. Is Sarge that dangerous on 12/26/2004? I want others' opinions. I have 2 servers running sarge 24/7 right now (for last 3 weeks.... just installed).
Mitchell
I think the issue is that packages are not directly uploaded to testing. So it is possible to have version X of package A installed in testing. Tomorrow a security vulnerability in version X is announced. The day after, the package maintainer has uploaded an updated version to unstable.
Now the waiting begins. Packages must be in unstable for 10 days with no critical or grave bugs (IIRC) before they transition to testing. That means that for a minimum of 10 days, you are running vulnerable software (think phpBB). If within that 10 day window a newer version is uploaded to unstable, the clock restarts on the new version. If a serious or grave bug is filed, the package simply will not make it into testing. Likewise, if the package fails to build for *any* of the supported Debian architectures, it will not go into testing (unless it is an architecture specific package, like a kernel). You could potentially be running insecure software for an indefinite period of time.
This assumes that the maintainer actually keeps up with upstream development. Many actually do this, but there are maintainers that let their packages rot. For a stable release the maintainers are involved, but the ultimate responsibility rests with the Debian security team. Thus, updates will be made as quickly as feasible. You simply do not have this guarantee with unstable or testing (except when testing gets security team support in preparation for release).
HTH,
-Roberto