Re: [Tails-dev] Relative security of Debian unstable / testi…

Delete this message

Reply to this message
Autor: Andreas Kuckartz
Data:  
A: The Tails public development discussion list
Assumpte: Re: [Tails-dev] Relative security of Debian unstable / testing / stable
intrigeri:
> Andreas Kuckartz wrote (16 Sep 2013 08:04:44 GMT) :
>> But my empirical observations are that this has not been true for
>> several years now: Debian unstable has been promptly supported with
>> security fixes.
>
> Well, yes and no. It is correct that Debian unstable is not supported
> by the security team. But this does not mean that it's in a bad shape
> security-wise: it's just hard to predict and rely upon. Security fixes
> in unstable generally do happen fast (and certainly faster than in
> testing since the secure-testing effort faded out), *but* it all
> depends on the package maintainers.
>
> Hoping it helps :)


Yes, thanks. That is in line with what I have observed.

If it all depends on package maintainers that might imply that unstable
is generally more secure than stable. And upstream developers generally
are more interested in maintaining the most recent versions of their
software.

> If you are interested to go on with this discussion, then perhaps it
> could be moved to a more appropriate place such as the debian-user
> mailing-list?


I probably will move it to debian-security@???.

> (Or it should be clarified how this relates to
> Tails development.)


Well, Tails can choose between stable and unstable packages, therefore
statistical security might be a factor in such decisions. My hypothesis
is that generally (but not always) unstable is more secure regarding
several security aspects (but not all).

Cheers,
Andreas