Adam Warner wrote:
> On Tue, 2002-01-15 at 01:05, Tim Haynes wrote:
>>Some of us wouldn't dare say such things without at least reviewing the
>>given distro's security policy, FAQ and history.
> But I was really impressed that updates for unstable/testing were
> released at the same time. For those of us that use/test the bleeding
> edge on our systems it's a great reassurance to see the security team
> giving consideration to the security of testing/unstable.
Well, maybe you should follow Tim's advice and go check the security team's FAQ :
Q: How is security handled for testing and unstable?
A: The short answer is: it's not. Testing and unstable are rapidly moving
targets and the security team does not have the resources needed to
properly support those. If you want to have a secure (and stable)
server you are strongly encouraged to stay with stable.
Of course, if you're using unstable, fixes tend to appear quickly, but :
- "tend to" is not acceptable when security is concerned
- it may take a lot more time depending on your local mirror
--
Daniel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
