[ale] Debian 3.0 as a server platform?
Stuffed Crust
pizza at shaftnet.org
Thu Jun 2 11:48:37 EDT 2005
On Thu, Jun 02, 2005 at 11:27:02AM -0400, John Wells wrote:
> Stuffed Crust said:
> > Also, it's not "known working, secure, packages". What you're really
> > saying translates to: "fairly well known set of unfixed bugs with more
> > unkown bugs lurking", as opposed to "known bugs fixed with unknown bugs
> > lurking"
>
> Are you saying that known bugs typically go unpatched on Debian? Surely
> they have security updates issued?!
As I said in the very next paragraph:
"Playing the security card here is nonsensical, as security fixes are
just a special case of unknown bug, and they're fixed post-hoc as they
are discovered."
Yes, Debian-Stable promptly patches security bugs, and that's all they
do. But everyone else fixes security bugs too, so it's not like Deb
Stable's policy of fixing their bugs via backports vs new upstream
releases makes their software any more secure, as an unknown (security)
bug is still by definition an unknown bug. This policy makes their
software more stable, however.
Stable software is not necessarily secure.
Deb Stable's policy of backporting security fixes makes sense; however
it needs to be coupled with more frequent releases to be truly useful
for someone with relatively modern needs. If someone has to resort to
packages (or the whole tree) from -testing or -unstable, the "stability"
benefits go right out the window, but you can do many more things.
- Pizza
--
Solomon Peachy ICQ: 1318344
Melbourne, FL JID: pitha at myjabber.net
Quidquid latine dictum sit, altum viditur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
More information about the Ale
mailing list