On Tue, Jan 04, 2005 at 02:58:42PM -0500, [EMAIL PROTECTED] wrote: > > I would strongly caution against using Sarge for a production system > until there is security team support. See this message I posted to d-u > when someone pointed out that they were running sarge on some servers: > > http://lists.debian.org/debian-user/2004/12/msg03846.html >
Interesting. Recently, I've started using testing on production servers. I subscribe to debian-security (+ d-s-announce) and get reports whenever there's anything released. I know what is installed on my boxes, so I know if this announcement affects me. If it's been put into unstable, I'll backport the change myself. If it's not, Then I'll have a look at upstream's solution, and patch as required. Recently, I did have a box rooted. This was due to a user running phpbb on the system, without me knowing, despite the policy of no software without clearance from me. There's also not necesarrily a 10 day waiting period if the urgency is set high. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
