Dossy wrote:
On 2003.09.16, Stephen Frost <[EMAIL PROTECTED]> wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
There's at least a version on incoming.debian.org which has the version
for unstable. I don't know what to tell you about testing/sarge. I'm
sure it will be in before release but beyond that I've no idea when it
will make it into testing.
Eek. So, if we want to run secure systems, we either have to run
unstable (and all the troubles that come with) or stable? I find that
"testing" is a good middle ground for a reasonably stable system but
with reasonably up-to-date packages, so that's why I run it. Running
"stable" involves hand-managing way too many packages that I do need
more recent versions, and "unstable" involves way too many troubles if I
apt-get update without carefully inspecting what's being updated, which
I don't have the time for.
:-( poop.
Guess I'll go the deb-src route and hand-patch, I guess. Not what I
wanted to do today ... ;-)
-- Dossy
Or (to get a reasonably up to date system):
* Set your default release to stable (I actually prefer to use
distribution names, so that if I'm asleep at the switch when a new
version is released I don't accidentally 'apt-get upgrade' when I should
'apt-get dist-upgrade')
* Include testing and unstable in sources.conf
* Include apt-src for testing and/or unstable.
* Install a stable system, then for special needs, try 'apt-get install
foo/testing' (or "foo/unstable"). If you can live with the dependencies,
great. If things turn ugly, then apt-get source instead.
This way, you'll have stable (with the corresponding security updates)
for just about everything. For the few packages that need to be from
unstable or testing, either patch them yourself, or watch incoming, or
watch for others to contribute .debs.
Plus, you can apt-get update && upgrade without having your system blow up.
I've found fairly few cases where I actually *need* a more recent
version, so this approach works great for me. In most cases, the only
perceived need for a more recent version has been for security updates,
which, of course, are backported in Debian stable. Of course, YMMV.
--Rich
_________________________________________________________
Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel: 218.262.1130
email: [EMAIL PROTECTED]
_________________________________________________________
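
The mixed-release setup from the list in the message above, written out as an added example (not part of the original message): it puts the APT configuration in a scratch directory for review instead of touching /etc/apt. Assumptions: the mirror URLs and the security archive line follow the layout in use when this thread was written, the source list is apt's `sources.list`, "apt-src" is read as `deb-src` lines, and the file name `00default-release` is arbitrary.

```shell
#!/bin/sh
# Added example: mixed stable/testing/unstable APT configuration.
# Mirror URLs and components are assumptions; substitute your own mirror.

write_mixed_apt_config() {
    dir="$1"
    mkdir -p "$dir/apt.conf.d" || return 1

    # Step 1: stable is the default release, so a plain 'apt-get upgrade'
    # keeps taking its candidates (and security updates) from stable.
    cat > "$dir/apt.conf.d/00default-release" <<'EOF'
APT::Default-Release "stable";
EOF

    # Steps 2 and 3: binary lines for all three releases, the security
    # archive for stable, and source lines for testing and unstable.
    cat > "$dir/sources.list" <<'EOF'
deb     http://ftp.debian.org/debian stable main
deb     http://security.debian.org/ stable/updates main
deb     http://ftp.debian.org/debian testing main
deb     http://ftp.debian.org/debian unstable main
deb-src http://ftp.debian.org/debian testing main
deb-src http://ftp.debian.org/debian unstable main
EOF
}

# Review the output first, e.g.:
#   write_mixed_apt_config /tmp/apt-review
#
# Step 4, run by hand once the files are installed under /etc/apt
# ("foo" is the placeholder package name used in the message):
#   apt-get update
#   apt-get install foo/testing    # take only foo from testing
#   apt-get source foo/unstable    # fetch the source if dependencies turn ugly
#   apt-cache policy foo           # see which release each version comes from
```

Packages installed with `foo/testing` or built from `apt-get source` sit outside stable's security updates, so `apt-cache policy` output for them is worth checking after each security announcement.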