On Thursday 01 June 2006 07:26, Felix C. Stegerman wrote: > * Paul Johnson <[EMAIL PROTECTED]> [2006-05-27 01:07]: > > > So it comes down to: > > > * Is it a bad idea to use unstable on a production server > > > when it comes to security? > > > > Possibly to probably yes (the answer for stable would be "no"). > > > > > * If so, would you recommend using testing, or stable? > > > > Stable. > > > > > * And does anyone with experience running unstable on production > > > servers know of any other caveats I should be aware of? > > > > Don't do it unless you want to babysit it constantly and do a lot of > > reading in your free time to keep track of development and latest > > bugs a lot more carefully than you otherwise would. > > So just keeping up with debian security announcements wouldn't be > enough? I would have to actively monitor security issues for the > services the server provides?
Given that's one of the things the development cycle is supposed to find, yes, security announcements aren't necessarily enough, you need to keep your eyes peeled as well. > Or would it be enough to make sure I > keep the server up-to-date and occasionally take it down to fix some > debian-unstable-induced breakage to keep it secure? On unstable, be prepared for any dist-upgrade to hose something badly and in a way that will be difficult to back out of. -- Paul Johnson Email and IM (XMPP & Google Talk): [EMAIL PROTECTED] Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
pgpsRavvbbYzC.pgp
Description: PGP signature
