Andrei POPESCU <andreimpope...@gmail.com> writes: > On Sb, 04 oct 14, 16:44:17, Mark Carroll wrote: (snip) > The only time one could say stable is "catching up to testing" is the > moment of a stable release, but even then, it's not quite accurate since > the current testing *becomes* stable, the next testing is started as a > "copy" of stable[1] and testing migration is enabled (again) to allow > packages from unstable to migrate to it.
Well, in not upgrading the testing packages, they at least don't keep moving away from "stable" in version number as testing moves away and stable-updates advances some things. (-: > But as long as you watch for security updates you should be fine. Yes: I tend to avoid the automatic update utilities anyway because I want to check that the update actually went okay, so I have to watch the mailing list anyway. (Security messages about packages I might have installed somewhere are often actually a nice few-minutes break from whatever other work I was doing.) (snip) > Ugh! Did you consider local backports instead? Sometimes they're convenient, sometimes not. backports.debian does occasionally have useful stuff but what would be nice if apt build-dep made it easy to remove all those build dependencies afterward. I sometimes do. I don't always feel comfortable rolling out new ones, in thinking about which devices / directories to have reappear in them, more usually I have a 32-bit one for when multi-arch isn't quite enough. I guess I'm just not used enough to creating them. For longer-lived ones of course I always have to remember to do security updates there too. One thing I sometimes find easier is to have a virtualbox image, though most commonly I have older ones in those, for testing that my own software still works with older versions of dependencies like PostgreSQL 8.4. Maybe that'd sometimes be useful for testing newer versions of things too. > Security fixes for testing usually go through unstable, but with reduced > migration times (2 days?). Good to hear, though I worry at how quickly exploits can start to appear these days. With the latest bashocalypse I certainly had a few sshd's visible to the Internet. At least I was happy to see that on Debian systems I tend to find that /bin/sh is dash, not bash. Thanks for your comments! All good stuff to be aware of. -- Mark -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8738b3x0cp....@ixod.org
