On 10/14/2013 10:11 PM, Pol Hallen wrote: >> I think the best way to do this is using a normal Debian stable. There >> are only few updates to stable which add features which means that >> update is a security update. > > Huh? > > I use debian 7 stable, but now the upgrade show me 4 security updates > and MANY MANY updates from debian mirros (not from security repository).
These "mainly add[s] corrections for security problems [...] along with a few adjustments for serious problems." (http://www.debian.org/News/2013/20131012). > I can't everytime do updates from main repository because many packages > of this server are patched. Then you can either * pin all packages affected by patches which might cause some security problems to remain because the packages are not updated or probably better * try to compile all patches in a safe testing environment before performing the upgrade. As there are mostly security patches this should (ideally) not cause too many failures. I'd try the second although that might be too much trouble depending on how many patches and what kind of patches were applied to the packages. Linux-Fan -- http://masysma.ohost.de/
signature.asc
Description: OpenPGP digital signature