In article <newsguy.com>, George Adams wrote:
Don't jump to conclusions. The Woody install disks (3.0r1) come with
a 2.4.18 kernel with security fixes since then backported.
And if you don't like that, you can always build your own.
Most of my Woody boxes are running 2.4.22. I don't bother to
"debianize" my kernels because I don't distribute them.
Woody 3.0r2 will be released this week.
Then I think your best choices are Woody and OpenBSD.
It's equally timely.
Woody is a production system. It gets security updates right away.
A lot of the packages are based on quite old versions of the "upstream"
sources (PHP and KDE are ancient at this point...) but the maintainers follow
the upstreams and backport any security updates.
It seems to me we always get OpenSSH updates within two days of the
Testing is not a production system. If you care about stability
and reliability and security, you should not use testing.
You can't even be sure it will install on any particular day.
For a server like the one you described, testing would be a mess.
If you really need an up-to-date PHP, it would be easier to
just use the upstream for that one product.
A few days ago, I built Apache 2.0.48 and PHP-4.3.4 on Woody just to see
if they would work. It only took a few minutes and they work fine.
But I still run Debian's Apache 1.3.26 (+ fixes) on the server that matters.
Once you get used to apt-get you'll wonder how you lived without it.
Woody (aka "stable") is the way.