[Techtalk] Using Debian Testing (Sarge) on production servers
Carla Schroder
carla at bratgrrl.com
Fri Mar 5 18:42:37 EST 2004
On Friday 05 March 2004 5:16 pm, Rasjid Wilcox wrote:
> I'm planning on moving from my current web-hosting providers to a
> user-mode-linux virtual server provider. (The best option so far looks like
> Linode.com).
>
> I like Debian as a server platform, but Stable is just too old in many
cases.
>
> I have met one sysadmin who runs Testing with some packages pinned to
Unstable
> to get security fixes quickly.
>
> Any views or thoughts would be appreciated.
What security fixes? Stable gets the highest priority, Testing gets security
fixes rather slowly, and Unstable gets none. For a server, I wouldn't touch
Unstable with a ten-foot pole, it's asking for trouble. There's usually not a
lot of difference between Testing and Unstable as far as releases goes, to me
it's not worth the risk to gain a fractional point release.
There are two approaches that make sense to me:
1. Run a base Stable system, and add packages from Testing only as you need
them. This minimizes your risk of being 'sploited.
2. Run a completely Testing system. It's a little less work, but you better
have a really really good firewall! and don't forget egress filtering.
Pinning is a major PITA. Another way to manage a mixed system is to
use /etc/apt/apt.conf. Add this line to it:
APT::Default-Release "stable"
Then edit your sources.list to include sources for both Stable and Testing,
and run apt-get update. Now when you do "apt-get install foo", it will
default to Stable. To install or update a package from Testing, there are two
ways:
apt-get install testing foo
apt-get install foo=1.0.11
Specifying the release numbers ensures that you will get exactly the version
you want.
--
~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.8 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the Techtalk
mailing list