Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.devel.testing > #1207

Re: Current bullseye security and stability

Path csiph.com!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod
From MichaIng <micha@dietpi.com>
Newsgroups linux.debian.devel.testing
Subject Re: Current bullseye security and stability
Date Sat, 16 Jan 2021 21:20:01 +0100
Message-ID <By0db-6Rd-1@gated-at.bofh.it> (permalink)
References <BxbaG-YY-11@gated-at.bofh.it> <BxbNo-1q7-19@gated-at.bofh.it> <Bxcq6-1Um-9@gated-at.bofh.it> <BxWsV-4D0-1@gated-at.bofh.it>
X-Original-To debian-testing <debian-testing@lists.debian.org>
X-Mailbox-Line From debian-testing-request@lists.debian.org Sat Jan 16 20:11:48 2021
Old-Return-Path <pom.pumba@gmail.com>
X-Amavis-Spam-Status No, score=-7.591 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, LDO_WHITELIST=-5, NICE_REPLY_A=-2.749, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SARE_MLH_Stock10=1.66] autolearn=ham autolearn_force=no
X-Policyd-Weight NOT_IN_SBL_XBL_SPAMHAUS=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .gmail. - helo: .mail-wm1-f50.google. - helo-domain: .google.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -5.5
X-Google-Dkim-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=fwdLwbPawcPLXF45QAsIw6Ps7yy9OPGsSQweuG2Ilkk=; b=JlBIuk0WUOFlFV40m8MqRiLDMZPLtnIVQrw03fXgaQu2xqNFteWsTZXGTVUfCkoP2o jqbwVRp9kgz142q0Aghiy9hKCSdJov6S4enM1lHn38viALDLdEbL8Vy4R6ltndmBzKgs gY71Ur4XLLO0z7lkoQLf1Nm//vFDWtOmfZM57jji7L7nqjSVwOloeW46MODbLDDCmdsc dXZ2bHLCz5CDFVclS/YVJEDRxKoozwppjFpmQX2JS3/j4R0vmOUJ4RqlfeTuABMw3Nwo /9JeomBxIB4DyirYE/FQIEhtKT1fChRvSuslZw9Ogk3JAGubcOOdI5RN7LD7x/vHTde+ dBxg==
X-Gm-Message-State AOAM531hTYWfxohJBn4i77tekYLYHsqADlV1Hnd8Iy8sa20Td0V45eji K5jolsLZ0vpDOlKmNl70jK0JizXZ3is=
X-Google-SMTP-Source ABdhPJyFKyFWbtvGoDbJ4/M1+rAhBnWYcaDE3fjoG6niN/CTjLN4FXflEh46lMqFFZbECqU1X2efEw==
X-Received by 2002:a1c:40d6:: with SMTP id n205mr14527108wma.0.1610827892721; Sat, 16 Jan 2021 12:11:32 -0800 (PST)
User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1
MIME-Version 1.0
Content-Type text/plain; charset=utf-8; format=flowed
Content-Language en-GB
Content-Transfer-Encoding 7bit
X-Mailing-List <debian-testing@lists.debian.org> archive/latest/11583
List-ID <debian-testing.lists.debian.org>
List-URL <https://lists.debian.org/debian-testing/>
List-Archive https://lists.debian.org/msgid-search/6baa5ed1-5401-9b86-0f50-167d2d10b9fd@dietpi.com
Approved robomod@news.nic.it
Lines 46
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Date Sat, 16 Jan 2021 21:11:32 +0100
X-Original-Message-ID <6baa5ed1-5401-9b86-0f50-167d2d10b9fd@dietpi.com>
X-Original-References <87pn2763ak.fsf@disroot.org> <818e323e-5169-39f7-26b7-9d7c3a65d29d@syt.net> <bcb1049c-8d44-34e2-7fe0-65cc927d31e4@dietpi.com> <87lfcsrhfy.fsf@disroot.org>
Xref csiph.com linux.debian.devel.testing:1207

Show key headers only | View raw

 > So you recommend avoiding sid even for specific package minor-version
 > upgrades with security fixes?
 >
 > The Debian wiki says otherwise.  See
 > https://wiki.debian.org/DebianTesting#Best_practices_for_Testing_users
 >
 > I currently follow the Debian wiki advice.  I carefully monitor the list
 > of installed packages from unstable, to avoid unintended upgrades.

Hi Jorge,

the way you explain how you use it, especially carefully reviewing the 
upgrade list, and are okay with the chance to run into bugs with the 
implementation, it should be fine, but I would never recommend it to a 
"regular" user, not knowing the experience level.

Read the notes at the top about which requirements need to be fulfilled 
before a package is merged from "unstable" to "testing":
- The package has been in "unstable" at least for 2-10 days (depending 
on the urgency of the upload).
- The package has been built for all the architectures which the present 
version in testing was built for.
- Installing the package into testing will not make the distribution 
more uninstallable.
- The package does not introduce new release critical bugs.

The other way round, the above points are not guaranteed for "unstable" 
and usually critical security fixes are available in testing a couple of 
days later, which should outweigh the possible chance for a major 
security issue introduced with a package from unstable due to a 
non-reviewed/tested implementation change for example.

When using testing only, APT upgrades can be applied without issues 
(dist/full-upgrade still needs to be reviewed of course due to possibly 
changing major versions) and a minimum of test and review is guaranteed, 
which IMO is worth it to wait for.

But it all depends on the use-case and personal preference, of course. 
And, if you do report bugs back to the package maintainers, you can help 
making testing->stable better for other users, so it's actually great if 
more (experienced) users use "unstable", but it's just not what I would 
recommend to a "regular" user ;).

Kind regards,

Micha

Back to linux.debian.devel.testing | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Current bullseye security and stability "Jorge P. de Morais Neto" <jorge+list@disroot.org> - 2021-01-14 14:50 +0100
  Re: Current bullseye security and stability ldavila@syt.net - 2021-01-14 15:30 +0100
    Re: Current bullseye security and stability MichaIng <micha@dietpi.com> - 2021-01-14 16:10 +0100
      Re: Current bullseye security and stability Jorge P. de Morais Neto <jorge+list@disroot.org> - 2021-01-16 17:20 +0100
        Re: Current bullseye security and stability MichaIng <micha@dietpi.com> - 2021-01-16 21:20 +0100
          Re: Current bullseye security and stability Jorge P. de Morais Neto <jorge+list@disroot.org> - 2021-01-17 00:00 +0100

csiph-web