Stefan Monnier wrote: > > - software updates that run as root (including Debian updates) > > can run anything else as root > > So, maybe a more relevant discussion is: what will happen when a Debian > stable security update comes with a "big blunder" that crashes the most > machines in early boot? > > Admittedly, the wider variety of Debian installs might make the "most" > above much less likely, but it's still something that can > definitely happen. > > What does Debian do to try and avoid that, and what do *we* (Debian > users) do to try and mitigate that?
Testing is necessary but not sufficient. If you can afford to have a spare machine or a spare VM that gets upgraded a few days before your other machines do, and test the heck out of that. At sufficient scale -- a scale which is within the reach of increasingly many people as storage costs continue to reduce -- we can keep our own mirrors of upstream. -dsr-
