Dear Philipp, On Sun, 18 Jul 2004 13:20:50 +0200 "Philipp" <[EMAIL PROTECTED]> wrote: > 1) Are you using unofficial repositories on production servers ? I'm using PHP from dotdeb.org. It provides PHP 4.3.8 and PHP 5.00 for woody. The guy who do that work for a french isp, so I think it's "safe" I havn't any problem with these packages, I'm using it for a year now. -----8<-------- deb http://packages.dotdeb.org ./ -----8<--------
> 4) What about security.debian.org ? If a vuln is found and > security.debian.org gives > out a fixes version, and i gave security.debian.org and the unofficial > repository in my > sources.list, what will happen ? As the version in unofficial package will be higher, you will stay with it. You can force this mechanism with apt-pinning, aptitude or with holding package. Package in woody, and from security.debian.org are always patch for security hole. So I think an old PHP 4.1 from woody is as secure as the last from dotdeb. Using unofficial is to get more "new" features. Hommelix -- Hommelix 12 Me 201 aka Jerome Vandenabeele -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
