Gary Dunn wrote:

How does Debian deal with security issues? For example, if Apache issues
a security alert and an upgrade to correct the vulnerability, how
quickly does Debian make the update available?

From the Debian Site:

"Debian takes security very seriously. Most security problems brought to our attention are corrected within 48 hours."

http://www.debian.org/security

As long as you are using Debian Stable, you will be able to apply the upgrade by typing apt-get update and apt-get upgrade. Security patches are applied to the Testing and Unstable trees, but not with the same urgency and commitment as Stable.


At work I run FreeBSD in a production environment. I used to follow the
conservative path and only run RELEASE, but I ran into problems where an
upgraded application from the ports collection would not compile due to
library mismatches. Now I track STABLE, and have had fewer problems.

In general, the need to react quickly to security updates has made the
job of upgrading a lot more of a challenge.

I would say that the conservative path would be to track stable. The FreeBSD team tests releases until they become stable. When a release reaches the point of production stability, in the opinion of the team, the name is changed to stable. What FreeBSD calls a release, Debian calls Testing.

From the FreeBSD site:

"Compared to the existing line of 4.X releases, the first few 5.X releases may have regressions in areas of stability, performance, and occasionally functionality.

For these reasons, the Release Engineering Team <[EMAIL PROTECTED]> specifically discourages users from updating from older FreeBSD releases to 5.2-RELEASE unless they are aware of (and prepared to deal with) possible regressions in the newer releases. Specifically, for more conservative users, we recommend running 4.X releases (such as 4.9-RELEASE) for the near-term future. We feel that such users are probably best served by upgrading to 5.X only after a 5-STABLE development branch has been created; this may be around the time of 5.3-RELEASE.

(FreeBSD 5.X suffers from what has been described as a ``chicken and egg'' problem. The entire project has a goal of producing releases that are as stable and reliable as possible. This stability and reliability requires widespread testing, particularly of the system's newer features. However, getting a large number of users to test the system, in a practical sense, means building and distributing a release first!)"

http://www.freebsd.org/releases/5.2R/early-adopter.html


Gary Dunn

--scott
