15th May 2010
jggimi

Quote:
Originally Posted by Android1
Concerning the -release packages, how much of a risk do you think I am taking, in terms of security, by running (up to) six-month-old software?

It will depend on the specific software, and the dependency chain.

If you follow -stable (or the errata patches, which is not quite but nearly the same thing), you will have a system that has no library changes, no functionality changes, but with patches for stability or security to the OS added.

If there is an update to a particular 3rd party package you need, and a -stable package is not available, you can either ask the associated port maintainer to work up a -stable package for you, or, develop it yourself.

In general, any update to software that adds functionality will also add risk of additional stability or security trouble. So-called "bug fix" releases that do not add any new functions are, generally, safer than those that don't. But each case is a judgement call, and an understanding of the risks is required.