On Wed, Oct 01, 2003 at 11:17:40 +0200, Christian Jaeger wrote: > What's the best way to let machines (running unstable) to warn me about > pending upgrades marked as security relevant (or just relevance high)?
http://www.debian.org/security/faq#testing : "Q: How is security handled for testing and unstable? A: The short answer is: it's not. Testing and unstable are rapidly moving targets and the security team does not have the resources needed to properly support those. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable. However, the security secretaries will try to fix problems in testing and unstable after they are fixed in the stable release." Thus, if you need to handle security issues for a machine running unstable, your best bet is to - Subscribe to debian-security-announce to get the security advisories for stable, then determine if the issue affects unstable, and, if so, check unstable and incoming.debian.org for fixed packages or make them yourself. - Subscribe to debian-devel to follow unstable-specific security issues discussion. That said, IMHO if you think about deploying unstable in an ISP setting you should step back and take a very, very good look at why you are even thinking about that. For an ISP, what you want is reliability and stability. Stable (if necessary augmented with selective backports or additions from apt-get.org) will give you that, unstable wont. HTH, Ray -- Outlook Express is free, and also sometimes lets strangers share your hard disk - is this anarchism? The Register's Graham Lea commenting on Steve Balmer's comparison of Linux to communism in http://www.theregister.co.uk/content/1/12266.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
