Posted by: Michael Shigorin
on September 14, 2007 10:31 PM
Guess those Debian folks might even track unstable which would be perfectly OK for them but a disaster for someone e.g. sitting on Rawhide.
Basically, any sane default repositories configuration would only put _security updates_ one as something where new package builds can appear. And then user would be actually updating what has to, not just everything around.
Your concerns over not representing some sort of a changelog summary are valid to me, but I'm afraid average Joe is better of by either trusting that distro maintainers know what they're doing and why did they go out on a limb and build an updated package for a stable release -- or changing the distro until there's one that can be settled on. Just as well your proposals at separating security updates/errata and version updates are perfectly valid as well -- the latter's long known as "backports".
PS: I'm running Linux for 9 years, using unstable/development branch for 5 years, and doing auto-updates on servers with _carefully chosen_ distro for 4 years. So far, it was rather worth it though I could catch one unpleasant upgrade (be it manual or auto, my configuration was quite peculiar and asked for much attention) with stable+updates and reasonably rare disasters, like last morning's X breakage thanks xorg folks auto-enabling Composite in server-1.4 and me using WindowMaker, on unstable side.