* Robert Zöhrer robert.zoehrer@pronet.at [20070107 20:15]:
But rather the whole question (for me) is when to update which (every or manualy selected?) packets to have a good compromise between system stability and up-to-dateness.
I think I'm not able to (or there is no time to) verify each packet which could be updated when using debian unstable if it's high risk for system stability and/or security.
Then the best choice for you might be to run a full upgrade ('aptitude update; aptitude dist-upgrade') at the time when a new grml release is available. (Of course you can update and install some selected packages in the meantime as well - I'm talking about the full-upgrade.)
At the time of a new grml-release http://wiki.grml.org/doku.php?id=upgrading should be up2date and you should not encounter any problems - but *if* *so* they are probably already mentioned on the wiki-page including a workaround for the problem. Of course it's not a guaranty that all the >2000 packages on your box work flawless (especially the ones not shipped by grml OOTB ;)), but at least the upgrade should run quite smooth. ;)
Using the mail produced by apt-listchanges allows you to identify new features of software and possible problems in your setup (if you notice any). Additionally apt-listbugs should prevent you from upgrading packages that are known to be broken.
That's BTW the way I usually handle my systems as well.
Maybe it would be better (for me) to freeze (e.g. just a grml debian testing pinning) and install only security relevant updates.
Then debsecan might be interesting for you as well.
regards, -mika-