Hello everyone,

I've been playing with debian for a while...
I have been compiling from source software like PHP, MYSQL, APACHE2 and was moving to newest POSTFIX but I got struck on the head here... http://www.linuxquestions.org/questi....php?p=4989374 . Security is a big concern for me since I intend to go into production environment/s.

Now I am very "green" to Linux in general so I don't know much of how it works. Having said that and seeing as I chose Debian for having the word "stable" in it that reply on the thread I posted made me stop and wonder...
How does it actually work ? Have I been doing wrong and should go and "apt-get" everything from a fresh install to eliminate possible security leaks ? How is this paradox explained when Debian sits on ancient software versions to provide stability when new software has a very strong chance for fixing bugs and closing security holes. (I read some resource but they are quite troublesome to comprehend for a "Linux outsider").

Please enlighten me.

Debian "Stable" backports fixes from newer version of software so despite the versions numbers seeming ancient the software you get in Debian Stable is patched with the latest security patches.

So is there any negative effects by installing latest software from source ?

There could be plenty but I can only think of a couple right now:
It may not compile due to dependency issues since Debian may have much older versions of the libraries the software depends upon.
It will mean you have to manually check the provider of the software every day and recompile when a new version is out.

I'm sure there are others.
If you want to run cutting edge software then go for Sid or install Fedora -- putting the latest software on Debian Stable seems an odd concept to me.

What is all the "stability" of Debian "stable" about then, if you can go and install "unstable" or "experimental" versions ?

Packages start off in 'experimental', then move down to 'sid', then 'testing'.

Debian testing is frozen (no new packages) for a period of time before it is finally released as stable. This is to make sure that there are no (known) internal or interpackage bugs.

Debian stable is meant to be just that, stable. Debian testing and sid have less tested pacakges, and are intended for different uses to stable.

http://www.debian.org/releases/

cascade9 describes how the Debian versions work.
I suggested that somebody who wanted the latest versions of software could run the unstable branch of Debian so that they get more recent versions of software packaged for Debian and update using apt-get instead of running stable and compiling everything from source to get the latest versions and having to manually check the websites of every piece of software for updates every day.
Running Sid you still get to use apt-get and do other things "the Debian way" but you sacrifice stability for more modern packages.

Linux is all about choice. It was your choice to install Debian Stable without really understanding what "stable" means in this context. If you prefer the latest and greatest (which = "buggy and untested" in my opinion) then there are many distros that will provide this for you (Debian Unstable, Arch, etc). Since "security is a big concern" for you and you "plan to go into production environments" this is probably a good time to tell you that 80-90% of production environments are, paradoxically, running "on ancient software versions" (by your definition, not mine). Hmmm, I wonder why that is the case? Perhaps an internship at a corporatate/univerity/institutional/government IT department will be enlightening as to why this is common practice.

Philosophical rant aside, you've already received clear and accurate instructions to install two different versions of cyrus-sasl: the stable and the experimental. So as you see, Linux gives you complete and total control over your system, to install the software you choose.

1 members found this post helpful.

snowpine hits the nail on the head. A few weeks running Debian Sid or Fedora as a desktop OS will let you know why people don't tend to run the latest versions of software on their servers.

Thanks guys.

I'll just reinstall the OS and apt-get the older/stable packages that were meant for the release.