Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

What does it mean 'does not have permanent security support'

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
rs7000
Posts: 21
Joined: 2017-05-12 09:24

What does it mean 'does not have permanent security support'

#1 Post by rs7000 »

FAQ tells that Debian Testing doesn't have permanent security support. Could you explain, please ?

User avatar
NFT5
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 597
Joined: 2014-10-10 11:38
Location: Canberra, Australia
Has thanked: 10 times
Been thanked: 43 times

Re: What does it mean 'does not have permanent security supp

#2 Post by NFT5 »

Debian Testing doesn't have the same level of security support that is given to Stable. Why? because it is testing, being tested, under test - however you like to put it it is a form of Debian that is not recommended for critical applications or for people who don't have the ability/knowledge to fix things themselves. Do some searches or just read on the main Debian web site - lots of information there that will answer your questions

Having read your other thread I'd strongly suggest that you stay well away from Stretch or Sid. Install Jessie (Debian Stable) and learn there first. It's quite apparent, from the questions you've asked, that you have some way to go as yet. Perhaps start with this page.

User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: What does it mean 'does not have permanent security supp

#3 Post by pylkko »

Basically there is team of people that follows security reports and makes patches (small changes to code) for the packages in Debian in order to "make it safer". With "it" here we mean the entire collection of packages in the Debian stable software repository.

Since there are no "the packages" of testing, the same is not done for testing. And the reason that there are no "the packages" of testing is because the packages there are changing every day to newer versions to be tested, or some dropping out, others being rejected, yet others coming back in, and whatever else. In stable, if there is a package, like say vlc 2.2, then there will always be that package and it will always be the same version (2.2). In testing neither is true necessarily.

The people that provide the packages for Debian's repo ("upstream") do also make security changes to their own code in order to improve security wherever their program is used, well, at least some might. But it is in many ways a different story when tens of thousands of packages are (maybe, or maybe not) improved on security by individual distinct maintainers that don't know or even care about what other projects that provide other packages are doing. Also, some security issues are likely to be idiosyncratic to Debian, that is, not present in other Linux distributions since every distro compiles their kernel with different configs and uses different collections of software configured in different ways. Naturally, nobody else except that distro themselves can have the necessary know-how to make the distro secure.

Post Reply