Development Version Security?

[Ice-Tea]

Is there any difference in the level of security between the development version and the point release for patches and updates?

thanks

[Frogs Hair]

AFIK ,kernel related security would be the same and there are no open ports by default. Using a development release as a daily driver is not a good idea. There are many issues that could be cause to reinstall during the development cycle. 3rd party and PPA software may not work or be incompatible and even native packages can break after updates.

[Ice-Tea]

Thanks Frog

Broken packages is ok , i was more concerned if development of the software was more important than the security.

[TheFu]

It is called the bleeding edge for a reason.

[Ice-Tea]

It is called the bleeding edge for a reason.

I've read your post a couple of times and i don't understand how that explains if the Canonical developers release the Devel version with the same level of effort of security as the point release or if they leave it with standard default upstream settings for the testers?

[guiverc]

I too don't believe there is a difference between focal (development) and stable (eoan or older) with regards security. Development still has -proposed, which from my observations is the same (testing & procedure wise before it makes it into release repos), though making changes into the stable (released) release repositories does require the SRU which I gather is a load more work that is avoided if possible (ie. unless necessary).

This box was switched to 'development' (now 20.04) late in the 17.10 cycle (ie. before 17.10's release), and any 'problems' have been extremely minor (I can't recall any anyway; even with -proposed packages though I don't usually use them unless asked to test for something specific).

Note: I'm not a developer & thus this is my opinion from observation.

[Ice-Tea]

Thanks , i had a good search at google but i couldn't find anything on the subject.

[TheFu]

New is the enemy of stable and secure.

[Ice-Tea]

I still don't understand what that has to do with Ubuntu's security configuration policy on the development branch before it goes public for testing but thanks for sharing.

[TheFu]

I still don't understand what that has to do with Ubuntu's security configuration policy on the development branch before it goes public for testing but thanks for sharing.

I read it as a question about real-world security in using software that hasn't been tested together in a complete system but is used as production software. Often, there are huge issues in pre-production software. Sorry.