Re: What is best practice for managing sources.list for security and stability?

by Thijs Kinkhorst-4

Hi John,

On Monday 25 May 2009, john wrote:
> The recent key-change forced me to use the main stable repos to get
> the new keys (e.g. apt-get install debian-archive-keyring)
> and got me thinking...
>
> Is the approach I outlined the "best" way to maintain the security and
> stability of these boxes or should I really be using the main
> repositories as well?

I understand where you're coming from, but I do recommend enabling the main
repositories as well. There are several reasons for that.

You may miss essential changes to keep the system running, like the APT
key rollover you mentioned; you also miss stability improvements, and less
pressing security bugfixes which are released in stable point updates.
Packages are only let into a stable point update after they get a lot of
scrutiny. Only packages are accepted that fix really serious bugs, or smaller
security issues that do not warrant a DSA. The stable release managers review
each package before it may enter. Packages are only added in a point release
which is announced on debian-announce, so you can review the changes before
installing them.


cheers,
Thijs
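
The recommendation above can be checked mechanically across a set of hosts. The following is an added example, not part of the original message or of any Debian tool: it parses one-line-style sources.list text and reports when only the security archive, or only the main archive, is enabled. The sample files are constructed, and the rule that a security entry is recognised by the host security.debian.org or a suite ending in /updates or -security is an assumption of this sketch.

```python
import re

# Constructed sample: a security-only sources.list of the kind the thread discusses.
SECURITY_ONLY = """\
# main archive disabled
#deb http://ftp.debian.org/debian stable main
deb http://security.debian.org/ stable/updates main
"""

# Constructed sample: main archive enabled alongside the security archive.
MAIN_AND_SECURITY = """\
deb http://ftp.debian.org/debian stable main
deb-src http://ftp.debian.org/debian stable main
deb [arch=amd64] http://security.debian.org/ stable/updates main contrib
"""

def parse_sources(text):
    """Yield (type, uri, suite, components) for each active entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        line = re.sub(r"\[[^\]]*\]", " ", line)    # drop the [option=value] block
        fields = line.split()
        if len(fields) >= 3 and fields[0] in ("deb", "deb-src"):
            yield fields[0], fields[1], fields[2], fields[3:]

def is_security(uri, suite):
    # Assumption: security entries are recognised by archive host or suite name.
    return ("security.debian.org" in uri
            or suite.endswith("/updates") or suite.endswith("-security"))

def audit(text):
    """Return a list of findings; an empty list means both archives are enabled."""
    # Only binary ("deb") entries install packages; deb-src lines are ignored.
    binary = [(u, s) for t, u, s, _ in parse_sources(text) if t == "deb"]
    # Assumption: any non-security "deb" entry counts as the main archive.
    has_sec = any(is_security(u, s) for u, s in binary)
    has_main = any(not is_security(u, s) for u, s in binary)
    findings = []
    if not has_sec:
        findings.append("no security archive: DSA fixes will not be installed")
    if not has_main:
        findings.append("no main archive: point updates and keyring changes are missed")
    return findings

if __name__ == "__main__":
    for name, text in (("security-only", SECURITY_ONLY),
                       ("main+security", MAIN_AND_SECURITY)):
        print(name, "->", audit(text) or "ok")
```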

