Mike Renfro, 2001-Aug-21 14:40 -0500:
> On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
>
> > Can I get a few recommendations on the proper sources.list for a
> > system running woody, that includes the security updates?
>
> Woody would be my last choice for a automagically secure installation:
>
> * it gets no packages of any kind that haven't been in unstable for >2
> weeks with no release-critical bugs. Security fixes are not an exception
> to this rule.
>
> * most of the packages in security.debian.org have nearly identical
> versions to potato -- Debian tends not to upgrade versions to fix
> bugs, but instead backports patches into the current potato versions.
> This means that apt-get upgrade (or dist-upgrade) will tend to
> ignore security packages, since you'll already have a newer version
> installed. apt-get upgrade doesn't check dates, changelogs, or
> anything but the literal numeric version number.
>
> Running stable+security.debian.org is really the only *easy* solution,
> followed by running testing+(selected packages from unstable with
> security updates and probably other changes, too), and lastly by
> running fully unstable. Ok, those last two don't qualify as easy to me
> at all.
>
> For me, it's not even a question -- you want security, you run stable
> and keep security.debian.org in your sources.list.
>
> --
> Mike Renfro / R&D Engineer, Center for Manufacturing Research,
> 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
Thanks for this explanation. I see what you mean, if I want
security updates.
I feel a bit stuck with woody though, since I want to use
iptables instead of ipchains. I think I'll remove the
security source until I figure out a better way.
thanks,
jc
--
Jeff Coppock Nortel Networks
Systems Engineer http://nortelnetworks.com
Major Accts. Santa Clara, CA
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]