Sam Kuper wrote:
2008/8/27 Chris Bannister <[EMAIL PROTECTED]>:
> On Tue, Aug 26, 2008 at 03:30:37AM +0100, Sam Kuper wrote:
>> (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter
>> in Etch to version 1.3.2. If successful, this would undoubtedly be the
>> best solution. Dear Micah and Julien, how about it? Sysadmins will
>> love you even more than they do already! :)
>
> Not a chance. Why do you think it's called "stable"?

Perhaps naively, I thought it was called "stable" because it was for
systems that had to be stable, stable in this case meaning reliable.
To me, this suggests that stable releases should not have the latest
toys packaged (most people don't need a Mozilla Ubiquity beta on their
production servers), nor even necessarily the latest utilities, in
order to minimise potential conflicts between packages. What it should
have, however, are up-to-date security packages. A rooted server is
not a stable one: it could be brought down, outside of its sysadmin's
control, at any minute.

Maybe I was wrong to think that the priority is that the computer on
which the OS is installed is stable (reliable), and not that the OS
itself is stable (unchanging).

Furthermore, even on the latter interpretation of the significance of
calling the release "stable", isn't it the case that Etch still
includes security fixes? Well, if in order to run rkhunter - a program
which can be important to maintaining a system's security - a download
is needed that is no longer available and isn't included in the
"stable" package, shouldn't that be fixed? I think it should, which is
why I wrote the email that generated this thread.

The way Debian does this is the same as virtually every other major
Linux distro - Suse/OpenSuse, Redhat, Fedora, Mandriva, Ubuntu etc. That
is, they release a new distro version every X months (in Debian-speak
these are called 'stable' releases), and then provide *backported*
security and bug fix updates for however long that version is in
support. These fixes are backported into the version of each package
that was released with the distro to ensure stability - as no new
features are being added the behaviour of the packaged software
shouldn't change. But you still get the benefit of security and bug
fixes so you get both a stable system (as in the behaviour of the
software on it is consistent) and a secure one (up-to-date on all
security patches).

The tradeoff of course is that you don't get the latest versions of
every package that's just been released. It's alright to think about
upgrading one package to the latest version but when you have 20,000 or
so, all constantly changing and on the bleeding-edge version you
wouldn't have a very usable distro. It looks like your environment
requires you to use new features in the latest version of this package
so you should just use that package from lenny - mixing one or 2
packages from lenny isn't going to cause any harm.

Tim