On Mon, Apr 14, 2008 at 08:34:30PM -0400, Douglas A. Tutty wrote:
> On Mon, Apr 14, 2008 at 03:09:26PM -0700, Andrew Sackville-West wrote:
> > Contrast that with sid, bug fixes happen fast. It seems, in my limited
> > experience, that serious bugs that get caught in sid rapidly
> > disappear, sometimes within hours. Sure there's more churn and
> > potentially more opportunities for breakage, but it seems to be pretty
> > short-lived.
> > I've run sid on my desktops for about 4 years now (wow! when did that
> > happen) and I can count on one hand the number of times I've had a
> > serious enough breakage to cause a real problem for my work. And I can
> > count on one finger the number of breakages that required real work to
> > get out of (unbootable system...).
> Just remember that a serious (is there such a thing as a non-serious)
> security bug doesn't usually show up as breakage.
Yeah, that's a good point, thanks for mentioning it.
I actually have all my public facing services on an etch box except
sshd on my desktop. And that does concern me a bit, but I don't lose
sleep over it.
I set sshd pubkey only and run fail2ban with a long ban time
(usually 48 hours) and I think that does it pretty well.
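
The setup described in the message above (pubkey-only sshd plus a 48-hour fail2ban ban) can be checked mechanically. This is an added example, not part of the original post: the jail name `sshd`, the sample config text, and the rule that an unset keyword counts as enabled are assumptions.

```python
import configparser

# ChallengeResponseAuthentication is the older alias of KbdInteractiveAuthentication.
ALIAS = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def sshd_settings(text):
    """Global sshd_config keywords; sshd keeps the first value it reads."""
    seen = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are out of scope here
            break
        if len(parts) == 2:
            seen.setdefault(ALIAS.get(key, key), parts[1].strip().lower())
    return seen

def ban_seconds(jail_text, jail="sshd"):
    """bantime for one jail, inheriting [DEFAULT]; None if the jail is absent."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_text)
    raw = (cp.get(jail, "bantime", fallback=None) or "").strip().lower()
    if not raw:
        return None
    if raw[-1] in UNITS:  # e.g. "48h"; plain numbers are seconds
        return int(raw[:-1]) * UNITS[raw[-1]]
    return int(raw)

def audit(sshd_text, jail_text, min_ban=48 * 3600, jail="sshd"):
    """Return findings; an empty list means pubkey-only with a long enough ban."""
    s, findings = sshd_settings(sshd_text), []
    if s.get("pubkeyauthentication", "yes") != "yes":
        findings.append("pubkeyauthentication is disabled")
    # Assumption: a keyword that is not set is treated as enabled.
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if s.get(key, "yes") != "no":
            findings.append(f"{key} is not set to 'no'")
    ban = ban_seconds(jail_text, jail)
    if ban is None:
        findings.append(f"no bantime found for jail [{jail}]")
    elif 0 <= ban < min_ban:  # a negative bantime means a permanent ban
        findings.append(f"bantime {ban}s is below {min_ban}s")
    return findings

# Constructed sample configs, not taken from any real host.
GOOD_SSHD = "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM yes\n"
WEAK_SSHD = "PasswordAuthentication no\nUsePAM yes\n"
GOOD_JAIL = "[DEFAULT]\nbantime = 600\n[sshd]\nenabled = true\nbantime = 48h\n"
WEAK_JAIL = "[DEFAULT]\nbantime = 600\n[sshd]\nenabled = true\n"
```

The weak sample shows the usual gap: passwords are turned off but keyboard-interactive authentication is left unset, and the jail silently inherits the short default ban.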