On Thu, May 27, 2004 at 12:51:03AM -1000, Gary Dunn wrote:
> How does Debian deal with security issues? For example, if
> Apache issues a security alert and an upgrade to correct
> the vulnerability, how quickly does Debian make the update
> available?

Security updates seem to happen quickest with unstable, because they are treated as another package update. You have to wait a while for it to be QA'd before it gets tagged as testing. For stable, patches are created surprisingly quickly, but the binaries need to be built and QA'd on all the architectures before being released.

> At work I run FreeBSD in a production environment. I used to
> follow the conservative path and only run RELEASE, but I ran
> into problems where an upgraded application from the ports
> collection would not compile due to library mismatches. Now I
> track STABLE, and have had fewer problems.

Ports are best tracked with -STABLE. Ports are only heavily QA'd with -RELEASE during -PRERELEASE.

-Vince
