LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-13-2013, 06:30 PM   #1
roundpotato
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Rep: Reputation: Disabled
Debian Infrastructure & Philosophy - Updates versus Security.


Hello everyone,

I've been playing with debian for a while...
I have been compiling from source software like PHP, MYSQL, APACHE2 and was moving to newest POSTFIX but I got struck on the head here... http://www.linuxquestions.org/questi....php?p=4989374 . Security is a big concern for me since I intend to go into production environment/s.

Now I am very "green" to Linux in general so I don't know much of how it works. Having said that and seeing as I chose Debian for having the word "stable" in it that reply on the thread I posted made me stop and wonder...
How does it actually work ? Have I been doing wrong and should go and "apt-get" everything from a fresh install to eliminate possible security leaks ? How is this paradox explained when Debian sits on ancient software versions to provide stability when new software has a very strong chance for fixing bugs and closing security holes. (I read some resource but they are quite troublesome to comprehend for a "Linux outsider").

Please enlighten me.
 
Old 07-13-2013, 08:04 PM   #2
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,004

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
Debian "Stable" backports fixes from newer version of software so despite the versions numbers seeming ancient the software you get in Debian Stable is patched with the latest security patches.
 
Old 07-13-2013, 08:31 PM   #3
roundpotato
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Question

Quote:
Originally Posted by 273 View Post
Debian "Stable" backports fixes from newer version of software so despite the versions numbers seeming ancient the software you get in Debian Stable is patched with the latest security patches.
So is there any negative effects by installing latest software from source ?
 
Old 07-13-2013, 08:36 PM   #4
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,004

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
Quote:
Originally Posted by roundpotato View Post
So is there any negative effects by installing latest software from source ?
There could be plenty but I can only think of a couple right now:
It may not compile due to dependency issues since Debian may have much older versions of the libraries the software depends upon.
It will mean you have to manually check the provider of the software every day and recompile when a new version is out.

I'm sure there are others.
If you want to run cutting edge software then go for Sid or install Fedora -- putting the latest software on Debian Stable seems an odd concept to me.
 
Old 07-14-2013, 05:42 AM   #5
roundpotato
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
There could be plenty but I can only think of a couple right now:
It may not compile due to dependency issues since Debian may have much older versions of the libraries the software depends upon.
It will mean you have to manually check the provider of the software every day and recompile when a new version is out.

I'm sure there are others.
If you want to run cutting edge software then go for Sid or install Fedora -- putting the latest software on Debian Stable seems an odd concept to me.
What is all the "stability" of Debian "stable" about then, if you can go and install "unstable" or "experimental" versions ?
 
Old 07-14-2013, 06:56 AM   #6
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906
Packages start off in 'experimental', then move down to 'sid', then 'testing'.

Debian testing is frozen (no new packages) for a period of time before it is finally released as stable. This is to make sure that there are no (known) internal or interpackage bugs.

Debian stable is meant to be just that, stable. Debian testing and sid have less tested pacakges, and are intended for different uses to stable.

http://www.debian.org/releases/
 
Old 07-14-2013, 07:46 AM   #7
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,004

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
Quote:
Originally Posted by roundpotato View Post
What is all the "stability" of Debian "stable" about then, if you can go and install "unstable" or "experimental" versions ?
cascade9 describes how the Debian versions work.
I suggested that somebody who wanted the latest versions of software could run the unstable branch of Debian so that they get more recent versions of software packaged for Debian and update using apt-get instead of running stable and compiling everything from source to get the latest versions and having to manually check the websites of every piece of software for updates every day.
Running Sid you still get to use apt-get and do other things "the Debian way" but you sacrifice stability for more modern packages.
 
Old 07-14-2013, 07:57 AM   #8
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,037

Rep: Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099
Linux is all about choice. It was your choice to install Debian Stable without really understanding what "stable" means in this context. If you prefer the latest and greatest (which = "buggy and untested" in my opinion) then there are many distros that will provide this for you (Debian Unstable, Arch, etc). Since "security is a big concern" for you and you "plan to go into production environments" this is probably a good time to tell you that 80-90% of production environments are, paradoxically, running "on ancient software versions" (by your definition, not mine). Hmmm, I wonder why that is the case? Perhaps an internship at a corporatate/univerity/institutional/government IT department will be enlightening as to why this is common practice.

Philosophical rant aside, you've already received clear and accurate instructions to install two different versions of cyrus-sasl: the stable and the experimental. So as you see, Linux gives you complete and total control over your system, to install the software you choose.
 
1 members found this post helpful.
Old 07-14-2013, 08:07 AM   #9
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,004

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
snowpine hits the nail on the head. A few weeks running Debian Sid or Fedora as a desktop OS will let you know why people don't tend to run the latest versions of software on their servers.
 
Old 07-14-2013, 02:26 PM   #10
roundpotato
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thanks guys.

I'll just reinstall the OS and apt-get the older/stable packages that were meant for the release.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Updates for Debian 6.0.5 Stable Ztcoracat Linux - Security 2 09-16-2012 01:55 AM
Tor Project infrastructure updates in response to security breach win32sux Linux - Security 0 01-22-2010 03:53 AM
Debian Security Updates aquaboot Debian 6 01-12-2008 08:47 PM
Security updates for debian bigeeguy Linux - Newbie 1 04-05-2004 01:11 PM


All times are GMT -5. The time now is 06:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration