[TriLUG] Debian installation.

Neil Roeth neil at occamsrazor.net
Thu May 22 23:24:16 EDT 2003


On May 22, Ben Pitzer (uncleben at mindspring.com) wrote:
 > Debian unstable is NOT for production use.  Honestly, I'd go with Sarge
 > (testing) if I were you.

If security updates are important to you, you should use stable, not testing.
The way Debian works is that stable is updated with security fixes very
quickly.  Unstable gets the security fix as soon as someone uploads a new
version of the package, which is fairly soon after or concurrent with the
update to stable.  Testing only gets the security fix when it propagates in
from unstable, so it is the *last* version to get security updates.  Packages
only propagate to testing when they can do so without breaking other packages,
or being broken by other packages, so there can be a bunch of interdependent
packages that are all kept out of testing for a while, then move in all
together at the same time.  So, you cannot know how long it will take for
testing to get a security fix.

On the flip side, if you do not care that much about security updates
(machine not connected to the outside world, only the ethically purest souls
allowed near the machine, etc.) then testing might be the way to go.  Due to
the very same process for propagating packages from unstable to testing that I
described above, testing is less likely to be broken than unstable, and it
will be more up to date than stable.

I personally ran stable on my laptop for quite a while.  I then upgraded to
testing, because it fit that category of never being connected to the outside
world, except for retrieving mail, and I wanted it to be a little more up to
date.  Then there was a security issue with sendmail that was triggered by the
contents of the email, so I really wanted the security fix.  The fix was in
stable and unstable very quickly, but there was a big backlog waiting to go
into testing (I think because of the transition of the default compiler from
2.95 to 3.2 and the accompanying ABI change of the libraries), so the security
fix was not propagating to testing.  I decided to downgrade it back to stable;
I later upgraded it all the way to unstable.

This brings me to a point Bill made in his original post.  I installed potato
on this laptop and a desktop machine, and am now running unstable on both, and
have not had to do an install from scratch since that first one.  All I did
was apt-get dist-upgrade for each of the three major version changes (potato
-> woody -> sarge -> sid).  This was much less painful than reinstalling, and
I believe Bill is correct in saying that the install process probably gets
less attention than it would if it were necessary to actually use it more
frequently.

-- 
Neil Roeth



More information about the TriLUG mailing list