also sprach Tobias Weisserth <tobias@xxxxxxxxxxxx> [2004.03.15.2208 +0100]:
> Which means that he has to do a little bit more work because he can't
> *rely* on the distributor to supply patches in time. It's a trade-off.

Sure, it's a trade-off. But with the administrative tools provided
by Debian, as well as the cleanliness of a Debian system, I'd choose
that over OpenBSD anytime. After all, FHS-compliance and system
integrity/cleanliness contribute a significant portion to security.

> He'll have to stay informed himself if the Debian Security Team
> doesn't warn in time about critical packages in unstable or
> testing. Maybe it mustn't be this way and there are regular
> updates for unstable. But the Debian site itself advises against
> the use of unstable regarding the security issues.

I use testing on over 100 production systems and have never had
a single problem. By the time that security updates make it to
security.debian.org for stable, an updated version makes it to
unstable. So I mix testing and unstable and only update when really
necessary. This has treated me very well.

> > And concerning workstations: your security better shield a security
> > problem on a workstation.
>
> Non comprende? ;-)

If, in a productive setting, you are concerned about remote exploits
to your workstation, then you've got a whole different problem. Of
course, exploits may still come from inside, but the risk should be
relatively low since productive workstations should not be able to
inflict any harm.

> Though a lot of work if we're talking about workstations here...

Our productive workstations get installed once and stay like that
for months. With the appropriate AIDE/Tripwire rulesets, that's not
different than a server.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!

who's general failure, and why's he reading my disk?