[solvedDebian Bullseye(Testing) secure enough for daily use?

[Heliosstyx]

The Internet is full with controversy articles about Debian "testing" (now Bullseye) for daily use and security issues. I am asking you, experienced user of Debian, what it is the truth about using Debian Testing on every day base? I have seen that there is a repository for Testing security updates too, is this option for faster security updates?

Thank you!

[Head_on_a_Stick]

https://www.debian.org/security/faq#testing

[Deb-fan]

Hey interesting, right on Head_on. My take on this situation is go big or stay home. Run unstable, fixes are going to come faster. Ran it for several years without problems but my tastes tend towards minimal = windows manager vs latest gnome, that kind of thing. So never even really had to put anything on hold briefly while the fixes came down. Think unstable gets a bad wrap in terms of naming and seen some highly experienced nixers saying the same for years, that being that tracking unstable is preferable to testing. Of course tad of research as to best practices while tracking Sid/unstable is advised. As long as someone has and uses an incremental backup/restore plan you're covered regardless. Something believe people should be doing no matter what Debian branch a person is using anyway. Experience some borkage, restore recent backup and hold off upgrading-etc until whatever issues blows over, usually happens very quickly.

[djk44883]

I have seen that there is a repository for Testing security updates too, is this option for faster security updates?

If this is referring to http://security-cdn.debian.org/debian-s ... -security/ Then I don't believe so. It's my understanding, it's there as part of the structure... for when bullseye becomes stable.

By it's nature, testing is updated... there's not really any logic to have a security update, then update a package - or update a package but have it securely updated? Since it's in development, it's updated/replaced before it's would need to have a security fix. Or that's what I've understood.

I've been running testing since Jessie, in my HTPC systems - no real issue. There may be an occasional hiccup - but it's generally short lived. Well, it all depends what you're running and what's all your mix.

As for taking care of my finances and other "important" things, I run Buster -the current stable release- because I'm just working, and I need to know it's going to be secure and work every time all the time. My media PC, it's not critical - well it is important, but I have alternative methods if there is a critical issue.

[pcalvert]

I wouldn't run a pure Debian Testing system for daily use, I'd run either a mixed Testing/Unstable system or pure Sid (Unstable) -- if I were so inclined. And with either one, I'd deal with security updates by grabbing the updated packages from Sid using debsecan.

For more info:
http://forums.debian.net/viewtopic.php?f=16&t=15612
http://forums.debian.net/viewtopic.php?p=711880#p711880

Phil

[Heliosstyx]

Thank for your clear answers to all. For me things are clear: I will stay on Buster now.