Re: Kernel 2.4 SOS
Ethan Benson wrote: > security.debian.org is only for stable, it won't work on woody or > unstable since they almost invariably have newer versions then what > goes in security.debian.org. the fact you have so far seen good > results with security is mostly chance. if a security fix has some > dependency issue, or bug reports, it won't go in unless forced. ...ok you're right, only packages which have not changed in woody would be applied then > there is nothing guarenteeing fixes will go in and there is a good > chance they won't. there isn't a security team for anything but > stable. beware. of course the same goes for unstable, if you use any > branch other then stable you are responsible for checking that > security fixes are getting made and installed, there won't be an > advisory. ...also you're right :-) so or so i always have to be aware about my systems and i think i had luck in the last half year to get the right updates at the right time. regards joris -- SBF Gruppe - http://www.sbf.de Steinhof 51 - D-40699 Erkrath Tel: +49 211 20 99 51 0 Fax: +49 211 20 99 51 88
Re: Kernel 2.4 SOS
Ethan Benson wrote: > > On Wed, Jun 13, 2001 at 11:01:10AM +0200, Johan Segernäs wrote: > > And no, i wouldn't use woody on a firewall, it's to many packet-updates all > > the time, takes > > to much time to keep track of everything imho. > > woody also does not get security updates, in fact it can take a very > long time for security related updates to get into woody since its > almost entirely managed by a script. unstable simply gets new > versions of a package installed immediatly so any security fixes are > in unstable as soon as they are packaged. that does NOT guarentee they > will make it into woody any time soon though. > > the `testing' distribution (now woody) is the least secure branch you > can run. ...this is a thing where i can't agree, in the last 6 month, all security-fixes were as soon implemented as in potato (i have both, so i'd compared). e.g. bind probs, man-db probs for mention a few. but i have also the security-link in my sources.list even under woody, maybe this is the reason why it works. regards joris -- SBF Gruppe - http://www.sbf.de Steinhof 51 - D-40699 Erkrath Tel: +49 211 20 99 51 0 Fax: +49 211 20 99 51 88
Re: Kernel 2.4 SOS
Ethan Benson wrote: > security.debian.org is only for stable, it won't work on woody or > unstable since they almost invariably have newer versions then what > goes in security.debian.org. the fact you have so far seen good > results with security is mostly chance. if a security fix has some > dependency issue, or bug reports, it won't go in unless forced. ...ok you're right, only packages which have not changed in woody would be applied then > there is nothing guarenteeing fixes will go in and there is a good > chance they won't. there isn't a security team for anything but > stable. beware. of course the same goes for unstable, if you use any > branch other then stable you are responsible for checking that > security fixes are getting made and installed, there won't be an > advisory. ...also you're right :-) so or so i always have to be aware about my systems and i think i had luck in the last half year to get the right updates at the right time. regards joris -- SBF Gruppe - http://www.sbf.de Steinhof 51 - D-40699 Erkrath Tel: +49 211 20 99 51 0 Fax: +49 211 20 99 51 88 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4 SOS
Hi Craig, > Now what i need to know, is woody stable enough for a proxy/firewall machine ...no prob at all, woody is nearly stable and i use it since half a year without any probs as a firewall/squid-proxy and as a productive system (intranet-server) for 20 users. for sure these are two different maschines :-) regards joris -- SBF Gruppe - http://www.sbf.de Steinhof 51 - D-40699 Erkrath Tel: +49 211 20 99 51 0 Fax: +49 211 20 99 51 88
Re: Kernel 2.4 SOS
Ethan Benson wrote: > > On Wed, Jun 13, 2001 at 11:01:10AM +0200, Johan Segernäs wrote: > > And no, i wouldn't use woody on a firewall, it's to many packet-updates all > > the time, takes > > to much time to keep track of everything imho. > > woody also does not get security updates, in fact it can take a very > long time for security related updates to get into woody since its > almost entirely managed by a script. unstable simply gets new > versions of a package installed immediatly so any security fixes are > in unstable as soon as they are packaged. that does NOT guarentee they > will make it into woody any time soon though. > > the `testing' distribution (now woody) is the least secure branch you > can run. ...this is a thing where i can't agree, in the last 6 month, all security-fixes were as soon implemented as in potato (i have both, so i'd compared). e.g. bind probs, man-db probs for mention a few. but i have also the security-link in my sources.list even under woody, maybe this is the reason why it works. regards joris -- SBF Gruppe - http://www.sbf.de Steinhof 51 - D-40699 Erkrath Tel: +49 211 20 99 51 0 Fax: +49 211 20 99 51 88 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4 SOS
Hi Craig, > Now what i need to know, is woody stable enough for a proxy/firewall machine ...no prob at all, woody is nearly stable and i use it since half a year without any probs as a firewall/squid-proxy and as a productive system (intranet-server) for 20 users. for sure these are two different maschines :-) regards joris -- SBF Gruppe - http://www.sbf.de Steinhof 51 - D-40699 Erkrath Tel: +49 211 20 99 51 0 Fax: +49 211 20 99 51 88 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Firewalling
Hi Wade, > I'm fairly sure that this is "debian-illegal" way to do it, but I created > a "firewall" script in /etc/init.d, and then the correct symlinks to that > script from the RC directories. The files are: > -rwxr-xr-x387 Nov 7 22:43 init.d/firewall* > lrwxrwxrwx 18 Oct 7 23:36 rc2.d/S21firewall -> ../init.d/firewall* > lrwxrwxrwx 18 Oct 7 23:36 rc6.d/K21firewall -> ../init.d/firewall* ...yes - you are right its "debian-illegal" :-) the proper way is add the script to /etc/init.d/ and then: update-rc.d SCRIPTNAME defaults then it adds the script to all /etc/rc*.d/ in the right way with S* for starting and K* for shutting down. for further information have a look at the manpage. just a hint for the future :-) regards joris -- Joris Mocka, Leiter Abt. IuK SBF Gruppe Tel: +49 211 20 99 51 31 Steinhof 51 Fax: +49 211 20 99 51 88 D-40699 Erkrath http://www.sbf.de
Re: Firewalling
Hi Wade, > I'm fairly sure that this is "debian-illegal" way to do it, but I created > a "firewall" script in /etc/init.d, and then the correct symlinks to that > script from the RC directories. The files are: > -rwxr-xr-x387 Nov 7 22:43 init.d/firewall* > lrwxrwxrwx 18 Oct 7 23:36 rc2.d/S21firewall -> ../init.d/firewall* > lrwxrwxrwx 18 Oct 7 23:36 rc6.d/K21firewall -> ../init.d/firewall* ...yes - you are right its "debian-illegal" :-) the proper way is add the script to /etc/init.d/ and then: update-rc.d SCRIPTNAME defaults then it adds the script to all /etc/rc*.d/ in the right way with S* for starting and K* for shutting down. for further information have a look at the manpage. just a hint for the future :-) regards joris -- Joris Mocka, Leiter Abt. IuK SBF Gruppe Tel: +49 211 20 99 51 31 Steinhof 51 Fax: +49 211 20 99 51 88 D-40699 Erkrath http://www.sbf.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]