Debian Infrastructure & Philosophy - Updates versus Security.
Hello everyone,
I've been playing with Debian for a while...
I have been compiling from source software like PHP, MYSQL, APACHE2 and was moving to newest POSTFIX but I got struck on the head here... http://www.linuxquestions.org/questi....php?p=4989374 . Security is a big concern for me since I intend to go into production environment/s.
Now I am very "green" to Linux in general so I don't know much of how it works. Having said that and seeing as I chose Debian for having the word "stable" in it that reply on the thread I posted made me stop and wonder...
How does it actually work? Have I been doing it wrong, and should I go and "apt-get" everything from a fresh install to eliminate possible security leaks? How is this paradox explained when Debian sits on ancient software versions to provide stability when new software has a very strong chance of fixing bugs and closing security holes? (I read some resources but they are quite troublesome to comprehend for a "Linux outsider".)
Debian "Stable" backports fixes from newer versions of software, so despite the version numbers seeming ancient, the software you get in Debian Stable is patched with the latest security patches.
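One way to see the backporting described in the reply above for yourself, as an added example that is not part of the original thread: the script reads a Debian package changelog and lists which Debian revision mentions which CVE, alongside the upstream version, which stays the same. The package name `examplepkg`, its version strings and the CVE ids are constructed placeholders.

```shell
# Reads a Debian changelog on stdin. On a real system feed it with
# `apt-get changelog <package>` or `zcat /usr/share/doc/<package>/changelog.Debian.gz`.
# Print "<debian-version> <CVE-id>" for every CVE id mentioned in each entry.
cves_by_revision() {
    awk '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver); next }
        # Other lines belong to the current entry; collect each CVE id.
        ver != "" {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                print ver, substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Print the distinct upstream versions (epoch and Debian revision stripped).
upstream_versions() {
    awk '/^[a-z0-9][a-z0-9+.-]* \(/ {
            v = $2; gsub(/[()]/, "", v)
            sub(/^[0-9]+:/, "", v)   # drop epoch
            sub(/-[^-]*$/, "", v)    # drop Debian revision
            print v
        }' | sort -u
}

# Constructed sample: hypothetical package, placeholder CVE ids,
# blank lines inside each entry trimmed for brevity.
sample_changelog() {
    cat <<'EOF'
examplepkg (1.2.3-1+deb0u2) stable-security; urgency=high
  * Backport upstream fix for CVE-0000-0002.
 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

examplepkg (1.2.3-1+deb0u1) stable-security; urgency=high
  * Backport upstream fixes for CVE-0000-0001 and CVE-0000-0003.
 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

examplepkg (1.2.3-1) unstable; urgency=low
  * New upstream release.
 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}

sample_changelog | cves_by_revision
```

In the sample, three CVE fixes land across two security revisions while `upstream_versions` still reports a single upstream version, which is why a version number alone says little about patch level on Debian Stable.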
So are there any negative effects from installing the latest software from source?
Quote:
Originally Posted by roundpotato
So are there any negative effects from installing the latest software from source?
There could be plenty but I can only think of a couple right now:
It may not compile due to dependency issues since Debian may have much older versions of the libraries the software depends upon.
It will mean you have to manually check the provider of the software every day and recompile when a new version is out.
I'm sure there are others.
If you want to run cutting edge software then go for Sid or install Fedora -- putting the latest software on Debian Stable seems an odd concept to me.
What is all the "stability" of Debian "stable" about then, if you can go and install "unstable" or "experimental" versions?
Packages start off in 'experimental', then move down to 'sid', then 'testing'.
Debian testing is frozen (no new packages) for a period of time before it is finally released as stable. This is to make sure that there are no (known) internal or interpackage bugs.
Debian stable is meant to be just that, stable. Debian testing and sid have less tested packages, and are intended for different uses to stable.
Quote:
Originally Posted by roundpotato
What is all the "stability" of Debian "stable" about then, if you can go and install "unstable" or "experimental" versions?
cascade9 describes how the Debian versions work.
I suggested that somebody who wanted the latest versions of software could run the unstable branch of Debian so that they get more recent versions of software packaged for Debian and update using apt-get instead of running stable and compiling everything from source to get the latest versions and having to manually check the websites of every piece of software for updates every day.
Running Sid you still get to use apt-get and do other things "the Debian way" but you sacrifice stability for more modern packages.
Linux is all about choice. It was your choice to install Debian Stable without really understanding what "stable" means in this context. If you prefer the latest and greatest (which = "buggy and untested" in my opinion) then there are many distros that will provide this for you (Debian Unstable, Arch, etc). Since "security is a big concern" for you and you "plan to go into production environments" this is probably a good time to tell you that 80-90% of production environments are, paradoxically, running "on ancient software versions" (by your definition, not mine). Hmmm, I wonder why that is the case? Perhaps an internship at a corporate/university/institutional/government IT department will be enlightening as to why this is common practice.
Philosophical rant aside, you've already received clear and accurate instructions to install two different versions of cyrus-sasl: the stable and the experimental. So as you see, Linux gives you complete and total control over your system, to install the software you choose.
snowpine hits the nail on the head. A few weeks running Debian Sid or Fedora as a desktop OS will let you know why people don't tend to run the latest versions of software on their servers.