Jeff Abrahamson on 20 Aug 2004 09:04:02 -0000
On Thu, Aug 19, 2004 at 12:42:09PM -0400, sean finney wrote:
> > > this is why i usually recommend either a stable/testing mix
> > > (where a small number of packages are selectively pulled in from
> > > testing, and the remaining packages are still tracking
> > > security), or a testing/unstable mix (where packages are pulled
> > > in from unstable on an as-needed basis).
> >
> > Assuming you'd upgrade daily or even notice the security alert
> > that fast. Most people probably will hear about a security
> > problem only a few days later.
>
> within a few days the update has typically already made its way into
> testing, and it would certainly be in sid. i'd like to point out
> that this class of users is not for whom the stable security
> infrastructure was designed. if you don't have something like
> cron-apt regularly checking for updates, if you're not subscribed to
> debian-security-announce, and you rely on updates via the periodic
> "when you feel like it" method (or the "read about it on slashdot"
> method), what exactly does stable's security infrastructure get you?

Precisely. My point is that testing vs unstable isn't a big security
issue for most people.

--
Jeff

Jeff Abrahamson <http://www.purple.com/jeff/> +1 215/837-2287
GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B

A cool book of games, highly worth checking out:
http://www.amazon.com/exec/obidos/ASIN/1931686963/purple-20

Attachment: signature.asc