On Wed, Aug 17, 2005 at 01:01:20AM -0500, [EMAIL PROTECTED] wrote: > Now, I'm far from an expert, and I'm still fairly new to Debian (less > than a year), but it seems like something needs to change. I don't > want to run Unstable on my computer, but I don't want to be stuck with > vulnerable browsers either.
Sorry, but AFAIK those two wishes are incompatible. Well, you can go with the stable distribution, like I'm happily doing. At least stable is getting security support, though it may not be quick enough with vulnerable, volatile packages like firefox. > This is simply a mess. Actually, now that I think about it, I suppose > the reason 1.0.6-2 hasn't moved into Testing is because of the > dependency problem of libxinerama1 and libc6. But who knows when the > new version of libc6 will get into Testing? It may be a very long > time. In the meantime, are we Testing users supposed to keep using a > vulnerable version of Firefox? Yes. But you may want to search the archives of the debian-user and debian-devel mailing lists of the past few weeks, as there have been discussions about this subject. I have hardly read it all, but I think there were people running testing that had no problem installing the plain tarball from mozilla.org. > I know Testing is not supported for security updates, but for > high-profile packages like Firefox with high-profile vulns, don't we > need a solution for this problem? And upgrading to Unstable is not a > solution; there's a reason I and others use Testing instead of > Unstable. True, and I've used testing for well over a year, until sarge became stable. But unstable doesn't seem to be that bad, though I don't think anyone will recommend it for servers. Installing apt-listbugs and apt-listchanges will help. And yes, you must be prepared for the occasional breakage. Unstable is perfect if you want to test your backup strategy. :-p -- Maurits van Rees | http://maurits.vanrees.org/ [Dutch/Nederlands] Public GnuPG key: http://maurits.vanrees.org/var/gpgkey.asc "It can seem like you're doing just fine, but the creep's creeping into your mind." - Neal Morse
signature.asc
Description: Digital signature
