Hello,

How do you Debian guys feel about this situation ... it makes me cringe a little, but it should be fine theoretically:

A Knoppix HD install installs some bastard combination of Debian testing and unstable with a few of its own packages. This is clearly not ideal for installing a server (really fast moving target ... lots of updating, not guaranteed to get security updates for packages).

So let's say that I will just be installing a machine that will be a web server with PHP and MySQL with SSH running. With no local users (other than the admin). No X either. So the only services I have listening are ssh and apache (PHP and MySQL via apache).

Would you consider it safe to pin these packages and their dependencies back to stable and only put security.debian.org (stable) in sources.list? Then the only packages that would ever get changed would be these guys. I would also keep track of the kernel since that too may be remotely vulnerable.

Austin

PS - I have tried downgrading to stable ... nightmare ...
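
Added example, not part of the original message: one way to audit the setup described above is to read `apt-cache policy` output and flag packages whose installed version is offered by no archive in sources.list. The sample output, version numbers and function names below are constructed for illustration.

```python
import re

# Constructed `apt-cache policy` output; versions are made up for illustration.
SAMPLE = """\
apache:
  Installed: 2.0-5
  Candidate: 2.0-5
  Version table:
 *** 2.0-5 0
        100 /var/lib/dpkg/status
     1.0-3 0
        500 http://security.debian.org stable/updates/main Packages
ssh:
  Installed: 1.0-4
  Candidate: 1.0-4
  Version table:
 *** 1.0-4 0
        500 http://security.debian.org stable/updates/main Packages
        100 /var/lib/dpkg/status
"""

STATUS = "/var/lib/dpkg/status"  # local dpkg database, not an archive

def parse_policy(text):
    """Return {package: {"installed": version, "sources": {version: [origin, ...]}}}."""
    pkgs, cur, ver = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"^(\S+):$", line):  # package header, e.g. "apache:"
            cur, ver = pkgs.setdefault(m.group(1), {"installed": None, "sources": {}}), None
        elif cur is None:
            continue
        elif m := re.match(r"^\s+Installed:\s+(\S+)", line):
            cur["installed"] = m.group(1)
        elif m := re.match(r"^\s(?:\*\*\*|\s{3})\s(\S+)\s+-?\d+$", line):  # version row
            ver = m.group(1)
            cur["sources"][ver] = []
        elif ver and (m := re.match(r"^\s+-?\d+\s+(.+)$", line)):  # origin row
            cur["sources"][ver].append(m.group(1).strip())
    return pkgs

def unsourced(text):
    """Installed packages whose installed version is offered by no configured archive."""
    flagged = []
    for name, info in parse_policy(text).items():
        if info["installed"] in (None, "(none)"):
            continue  # not installed, nothing to audit
        origins = info["sources"].get(info["installed"], [])
        if all(o == STATUS for o in origins):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(unsourced(SAMPLE))
```

A flagged package is only replaced when a configured archive offers a higher version, because apt does not downgrade unless the pin priority is above 1000.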