Prunk Dump wrote: > This is exactly what I want to know. On Debian, the stable release is > very stable ! Only the critical bugs are corrected.
Yes. And I for one count upon this to be able to maintain production systems and to enable setting up new production systems. On any given day the Unstable release may not be installable. It might be broken in various ways. Testing is better but even Testing might have problems. Stable is by design stable. Which for me means I can install it on any day and it will operate as expected. I can train other people to install it. I can automate the installation so that anyone can image or re-image systems and it will behave as expected. That is very important in my environment. > The only problem I found with this release system it that, for the > users like me that use Debian stable, it is not very motivating to > find bug fixes because they are never applied to my version. On the contrary for me. For me it is very important to test out Unstable and Testing so that when the next Stable release is made that it will not have bugs that affect me. I depend upon Stable. But that means I must test with Testing/Unstable so that bugs get fixed. Therefore I am more motivated to report bugs and to work through bugs. > Moreover, in my network, I need to manage 120 Debian Wheezy clients. > So if I made the patch myself and create a new Debian package et is > difficult for me to deploy the patched version to the client. At 120 machines you have plenty enough to justify putting some work into automating the infrastructure. How are you applying security upgrades now? Are you logging into each of them individually and applying upgrades? Hopefully not. Let me point to a somewhat academic gathering of articles on the topic. http://www.infrastructures.org/ I don't prefer pushing. I prefer that the systems pull updates. I use my own infrastructure. My clients pull upgrades from a gold server. http://www.infrastructures.org/bootstrap/pushpull.shtml There are many infrastructures available. Puppet is well known. There is also Ansible, Chef, Salt, others. I suggest taking a peek at one of those or others and adding some automation to your machines. It will take some effort up front but it will pay it back many times later with easier maintenance. Bob
signature.asc
Description: Digital signature