On Mon, 14 Jan 2002, Daniel Polombo wrote: > Adam Warner wrote:
> Well, maybe you should follow Tim's advice and go check the security team's > FAQ : > > Q: How is security handled for testing and unstable? > > A: The short answer is: it's not. Testing and unstable are rapidly moving > targets and the security team does not have the resources needed to > properly support those. If you want to have a secure (and stable) > server you are strongly encouraged to stay with stable. > > Of course, if you're using unstable, fixes tend to appear quickly, but : > > - "tend to" is not acceptable when security is concerned > - it may take a lot more time depending on your local mirror As woody draws closer and closer to being stable, and potato draws closer and closer to the legendary dinosaurs which roamed the earth with regards to its outdated software, perhaps this comittment to woody's security could be revisted. I would be surprised if a lot of the criticsm that is coming out on this issue is not related to the fact that a lot of people have moved from potato to woody because they cannot continue to use potato due to the requirements of certain software or underlying libraries, and are thus burned by this security policy. Lets face it, potato has some ancient software that is getting outdated, you can hardly find any software that uses db2 anymore, and it is not trivial to backport from db3, the version of perl makes usage and installation of anything that was done in the last 5 years difficult... potato is great, if you want to only use the packages which come with it, it is great as a server which doesn't need any changes, but if you want to do anything semi-new, or outside of the package scope, you have to move to woody, or just wait. With that movement comes a significant loss in security policy. Now that woody draws near to being stable, perhaps the policy can be altered to accomodate for that. Micah -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]