Mike Renfro, 2001-Aug-21 14:40 -0500: > On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote: > > > Can I get a few recommendations on the proper sources.list for a > > system running woody, that includes the security updates? > > Woody would be my last choice for a automagically secure installation: > > * it gets no packages of any kind that haven't been in unstable for >2 > weeks with no release-critical bugs. Security fixes are not an exception > to this rule. > > * most of the packages in security.debian.org have nearly identical > versions to potato -- Debian tends not to upgrade versions to fix > bugs, but instead backports patches into the current potato versions. > This means that apt-get upgrade (or dist-upgrade) will tend to > ignore security packages, since you'll already have a newer version > installed. apt-get upgrade doesn't check dates, changelogs, or > anything but the literal numeric version number. > > Running stable+security.debian.org is really the only *easy* solution, > followed by running testing+(selected packages from unstable with > security updates and probably other changes, too), and lastly by > running fully unstable. Ok, those last two don't qualify as easy to me > at all. > > For me, it's not even a question -- you want security, you run stable > and keep security.debian.org in your sources.list. > > -- > Mike Renfro / R&D Engineer, Center for Manufacturing Research, > 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
Thanks for this explanation. I see what you mean, if I want security updates. I feel a bit stuck with woody though, since I want to use iptables instead of ipchains. I think I'll remove the security source until I figure out a better way. thanks, jc -- Jeff Coppock Nortel Networks Systems Engineer http://nortelnetworks.com Major Accts. Santa Clara, CA
