Mr. Lumbergh wrote:my understanding was that Testing was still pretty solid and was available as a way to suss out and report any final bugs before the freeze in the next major revision but with the advantage of newer packages, sort of a happy medium between Stable and Unstable.
No, not at all. That belongs
here.
There is a mandatory transition delay for packages going from sid to testing so if something is broken in testing it could stay broken for a while whereas sid will get the fixes from upstream as soon as the maintainer notices them.
There is a FAQ covering this:
https://www.debian.org/doc/manuals/debi ... .html#s3.1
tl;dr: use stable and backport newer software to that release if needed.
Mr. Lumbergh wrote:I don't mind a bit of tweaking and fixing here and there, but the last time I tried a bleeding-edge setup with Arch, it was more trouble than it was worth. I love the concept of the AUR, but Arch was a bit of a PITA when it came to things breaking.
I've used both Arch Linux and Debian sid and Arch is more consistently reliable in my experience, even with [testing] enabled. Arch is a rolling release but sid is a development branch, there is a difference.
Mr. Lumbergh wrote:As for sudo, I don't really use it. I'm used to logging in as root to do what I need as that's how the other distro I have installed does things. I did install it here when I was in the process of getting it up and running but wound up removing my user account from sudoers. Would that bug still be a worry? If so I'll run an apt-purge on it.
You're missing my point — the sudo vulnerability was just an example meant to illustrate a general principle: testing is not as secure as sid or stable.