"Keith G. Murphy" <[EMAIL PROTECTED]> wrote: > Aaron wrote: > > > > > I don't want the hassle of running a hybrid Woody/Sarge system, just > > because I'm too lazy to deal with the depedencies, but I don't mind a > > few bugs in exchange for a more recent version of KDE/gAIM/whatever. > > > One disadvantage of moving away from stable is that you don't have the > security updates available anymore. Of course, this probably doesn't > matter much if you're on a single family PC with no open ports to the > Internet. >
When I asked about security, I was told that if bugfixes, including security updates, are implemented upstream, they would appear in unstable much sooner than they would in testing. My conclusion from that was that yes, I will not be getting security updates from the Debian security team in stable, but I would be getting the security updates in the form of normal updates to unstable much sooner than I am going to see them in testing. At any rate, I choose to keep unstable behind an iptables firewall and NAT gateway running stable. > But what I do on my home PC is run stable (with security updates) plus > selective updates from some of the 3rd-party Woody backport sources from > apt-get.org. Then, I just keep an eye on new security updates; if one > cropped up on a package I drew from a 3rd party source, I'd have to > figure out if the 3rd-party packager had incorporated the update, and > what I needed to do if he didn't. > > I can't stand behind any of the packages from apt-get.org, but I'd be > very surprised if, say, Adrian Bunk's packages were not of extremely > high quality. > > I do notice there's some KDE there, but I can't tell if they're Woody > backports. > > Happy hunting! > I haven't gotten into apt-get.org, though it is often suggested. You have expressed the same issue I have imagined would be the case if I used apt-get.org, just as I had using 3rd party RPMs for say mod_frontpage. Security updates aren't released by the 'official security team', and may not be as timely. On the other hand, the person making the 3rd party packages _if_ they are still active and not on vacation or sick or something would likely be re-compiling and back-porting the package for themselves. Where are they back-porting the fix from? If it's unstable, didn't the guys running unstable already get this fix? I guess if it's from experimental or the upstream maintainer or developers then a stable backport might outpace an unstable update. The stable backports sound like a good way to go, especially if you only want the latest update of a package or two, instead of everything. For my desktop system running unstable seems to be the thing to do, running testing wasn't. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
