Ira Abramov wrote:
Well, you can rectify that pretty easily. Upgrading Debian in place is the slickest I've seen, and often does not even require a reboot. If you also upgrade the kernel, you will require a reboot, but the system is up for the entire time before and after the reboot.
Good morning, Miki! All well?
Quoting Ben-Nes Michael, from the post of Thu, 22 Jul:
If you go for Debian use the testing branch (Sarge) and not the stable (woody), I mistakenly went for woody and now I need lots of backports.
Keep in mind, however, that Debian's guarantee that no config changes will happen that will break your app does not hold when upgrading from one branch to another, so it's not an operation I'd do automatically. As such, I highly recommend changing all the apt sources from "stable" to "woody", so that automatic upgrade does not happen when you do not expect it to.
And if you have a fast Internet connection (broadband). Unstable can easily amount to 10-20MB of updates a DAY, more on some weeks.
a. I'm a bit conservative. for production servers I still stick to woody
and sources like dotdeb.org that proved itself worthy. you COULD run
workstations with unstable, but I would only do that if your users are
knowledgeable.
b. in any case "testing" is usually a bit more broken than either stable
or unstable. it's not for production, especially not servers.
And NEVER run it on production servers, as both Ira and me know. If you look at a typical Debian security advisory, it will contain the new package for Stable and Unstable. Testing's security fixes are very slow to arrive. We have, in fact, had a server broken into as a result of this.
last, who has a more secure patching policy/practice, Mandrake or Debian ?
As for practice, this is very hard to measure or estimate.
As a not-representing random problem, the latest PHP problem was posted to "Full Disclosure" on July 15th, 1:53 am. Mandrake released a fix at 2:19, and Debian only on the 21st (six days later), at 5:41am. On the other hand, in other cases, Debian were way ahead of the others. This is usually an indication that Debian's security team did not deem this problem worthy of an urgent fix (no remote exploitation, for example).
As for policy, however, you cannot beat Debian's "don't upgrade - backport" policy. It means that on a "stable", a security update will *never* break your config due to changes between minor software versions. This gives Debian's patches very very high marks on their stability front, which allows for automatic upgrades almost without fear.
Shachar
-- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/
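
The advice above about pointing apt sources at "woody" rather than "stable" can be checked mechanically. The following is an added example, not part of the original message: it scans a sources.list for suite aliases that move to the next release. The function name, the alias set, and the sample file with its mirror host names are assumptions made for illustration.

```python
# Added example: flag APT source entries that track a moving suite alias.
import re

# Aliases are re-pointed at each new release; codenames such as "woody" are not.
MOVING_ALIASES = {"stable", "testing", "unstable", "oldstable"}

def floating_entries(sources_text):
    """Return (line_no, suite) for each deb/deb-src line whose suite is an alias."""
    hits = []
    for line_no, raw in enumerate(sources_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        # Drop an optional "[option=value ...]" block after the entry type.
        line = re.sub(r"\[[^\]]*\]", "", line)
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("deb", "deb-src"):
            continue
        suite = fields[2]
        # Suites like "stable/updates" float along with their base alias.
        base = suite.split("/", 1)[0].split("-", 1)[0]
        if base in MOVING_ALIASES:
            hits.append((line_no, suite))
    return hits

# Constructed sample sources.list (mirror host names are placeholders).
SAMPLE = """\
# main archive
deb http://mirror.example.org/debian stable main contrib
deb-src http://mirror.example.org/debian woody main
deb http://security.example.org/ stable/updates main
deb http://security.example.org/ woody/updates main
"""

if __name__ == "__main__":
    for line_no, suite in floating_entries(SAMPLE):
        print(f"line {line_no}: suite '{suite}' will follow the next release")
```
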
