this post was submitted on 24 Jul 2024
16 points (73.5% liked)
Linux
5386 readers
264 users here now
A community for everything relating to the linux operating system
Also check out [email protected]
Original icon base courtesy of [email protected] and The GIMP
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Found on the same page you cited from (even same paragraph):
"Backports are packages taken from the next Debian release (called "testing"), adjusted and recompiled for usage on Debian stable. Because the package is also present in the next Debian release, you can easily upgrade your stable+backports system once the next Debian release comes out. (In a few cases, usually for security updates, backports are also created from the Debian unstable distribution.)"
Sure, but even in those "few cases" Testing will get them soon.
I did read at some point that Testing may receive security updates later than stable, might be in those cases in which backports come straight from unstable.
Didn't I allude to that with:
"it doesn’t receive the security backports like Stable does nor does it receive them as soon as Unstable/Sid does.
Though I do notice that the above sentence contains an error that is perhaps misleading. By definition, Unstable/Sid doesn't receive security backports. Instead, the updates related to security are (usually) first received in Unstable/Sid. So, the above sentence tried to portray the following picture related to security:
Unstable/Sid ~ Stable >> Testing
That's basically the point I've been making 😉.
I think the only remaining point of contention is the degree by which Stable does receive security backports right after Unstable/Sid does while Testing only receives it later.
Honestly, I don't know the specifics. But Debian Testing's wiki entry notes security concerns multiple times. And it's all related to the fact that they don't receive the security backports as soon as Stable receives them. The explanation related to security updates concerning the three distinct branches is covered in even more detail over here.
Basically, after I've read all of that, it's clear as day that security is not a priority on Testing. And while band-aid solutions do exist, it's simply not designed to be secure.
Ok, I understand what you meant, thanks.
Yeah, I wouldn't run it in a production environment.
Thank you for giving me the opportunity for a refresh 😛. And thank you for the very civilized conversation. I wish you a great day!