What does it mean 'does not have permanent security support'

New to Debian (Or Linux in general)? Ask your questions here!

What does it mean 'does not have permanent security support'

Postby rs7000 » 2017-05-15 23:38

FAQ tells that Debian Testing doesn't have permanent security support. Could you explain, please ?
Posts: 21
Joined: 2017-05-12 09:24

Re: What does it mean 'does not have permanent security supp

Postby NFT5 » 2017-05-16 02:40

Debian Testing doesn't have the same level of security support that is given to Stable. Why? because it is testing, being tested, under test - however you like to put it it is a form of Debian that is not recommended for critical applications or for people who don't have the ability/knowledge to fix things themselves. Do some searches or just read on the main Debian web site - lots of information there that will answer your questions

Having read your other thread I'd strongly suggest that you stay well away from Stretch or Sid. Install Jessie (Debian Stable) and learn there first. It's quite apparent, from the questions you've asked, that you have some way to go as yet. Perhaps start with this page.
User avatar
Posts: 228
Joined: 2014-10-10 11:38
Location: Canberra, Australia

Re: What does it mean 'does not have permanent security supp

Postby pylkko » 2017-05-16 07:17

Basically there is team of people that follows security reports and makes patches (small changes to code) for the packages in Debian in order to "make it safer". With "it" here we mean the entire collection of packages in the Debian stable software repository.

Since there are no "the packages" of testing, the same is not done for testing. And the reason that there are no "the packages" of testing is because the packages there are changing every day to newer versions to be tested, or some dropping out, others being rejected, yet others coming back in, and whatever else. In stable, if there is a package, like say vlc 2.2, then there will always be that package and it will always be the same version (2.2). In testing neither is true necessarily.

The people that provide the packages for Debian's repo ("upstream") do also make security changes to their own code in order to improve security wherever their program is used, well, at least some might. But it is in many ways a different story when tens of thousands of packages are (maybe, or maybe not) improved on security by individual distinct maintainers that don't know or even care about what other projects that provide other packages are doing. Also, some security issues are likely to be idiosyncratic to Debian, that is, not present in other Linux distributions since every distro compiles their kernel with different configs and uses different collections of software configured in different ways. Naturally, nobody else except that distro themselves can have the necessary know-how to make the distro secure.
User avatar
Posts: 1296
Joined: 2014-11-06 19:02

Re: What does it mean 'does not have permanent security supp

Postby wizard10000 » 2017-05-16 10:19

Last chromium security update that I saw Stable got it before Sid. Testing will always be the last place security updates get deployed.
we see things not as they are, but as we are.
-- anais nin
User avatar
Posts: 1279
Joined: 2011-05-09 20:02
Location: everywhere i go, there i am!

Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 5 guests