On Tue, Jul 10, 2018 at 10:27:19AM -0400, The Wanderer wrote: > > (I'm really surprised to see someone with an @debian.org address > advising people to run unstable for any other reason than helping with > developing Debian.
I say that because testing gets "stuck" in various ways. In particular, library transitions can result in the removal of many packages from testing because of delays in updating them. > Cherry-picking a single package from unstable for > new-version reasons may be one thing, but tracking unstable on a > production system is dangerous and inadvisable, Using anything other than stable on a production system is rather high risk. Testing gets no security support. Suppose that a package you are using has a new upsrteam release come out to fix security issues. The security team will backport those fixes to stable. The maintainer will usually upload a new version to unstable. There are instances where that new version also introduces new bugs and is prevented from migrating to testing. So now you have a package with potentially severe security vulnerabilities that you cannot update from Debian sources. That sounds like a real problem to me. Of course, there is no guarantee that unstable will get the latest security-fixed version in a timely manner. > and I've gotten multiple > machines into unsupportable configurations that way. I've also seen it > stated repeatedly on debian-devel that people not interested in helping > develop / improve Debian should not run sid.) > That is true of both testing and unstable. Counterintuitively, unstable tends to stay broken for shorter periods than testing. So, for users who are not willing or able to deal with lengthy delays in problems being fixed, testing is a bad choice. Regards, -Roberto -- Roberto C. Sánchez
