> Why is getting the latest security updates giving a false sense of security exactly?
Because in quite a few distributions you don't get security updates reliably. For example Debian Stable excludes most WebKit-based libraries from their update policy.
https://www.debian.org/releases/stable/amd64/release-notes/c...
So users of browsers like Midori and Epiphany or e-mail clients like Evolution on Debian Stable currently end up using a WebKit library that hasn't been updated in more than a year.
The same issue applies to Ubuntu and most of its derivatives as well. E.g. Ubuntu 14.04 users get a WebKitGTK+ library which hasn't been updated in almost a year.
http://changelogs.ubuntu.com/changelogs/pool/main/w/webkitgt...
Of course, the user doesn't get a warning dialog when he installs applications which rely on those outdated and insecure libraries.
Ubuntu users also shouldn't rely on packages from the Universe repository (which are by far the most packages), if they care about security. Those packages are community maintained and often don't get a single update in years. In the past they didn't even update Chromium reliably.
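One way to check the Universe point above on your own machine, as an added example that is not part of the original thread: parse the output of `apt-cache policy <packages>` and list the packages whose installed version is offered only by `universe`. The package names, versions and sample output below are constructed.

```python
import re

# Source line in a version table: '<priority> <uri> <suite>/<component> <arch> Packages'
SOURCE_LINE = re.compile(r"^ {8}\d+ \S+ \S+/(\S+) ")

def installed_components(policy_text):
    """Return {package: set of components that ship the installed version}."""
    result, pkg, installed = {}, None, False
    for line in policy_text.splitlines():
        header = re.match(r"^(\S+):$", line)
        if header:                          # 'pkgname:' starts a new package
            pkg, installed = header.group(1), False
            result[pkg] = set()
        elif line.startswith(" *** "):      # marks the installed version
            installed = True
        elif re.match(r"^ {5}\S", line):    # any other version in the table
            installed = False
        elif installed and pkg:
            src = SOURCE_LINE.match(line)
            if src:                         # the dpkg status line does not match
                result[pkg].add(src.group(1))
    return result

def universe_only(policy_text, community=("universe",)):
    """Packages whose installed version comes only from community components."""
    comps = installed_components(policy_text)
    return sorted(p for p, c in comps.items() if c and c <= set(community))

# Constructed sample in the layout printed by `apt-cache policy`.
SAMPLE = """\
example-browser:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
 *** 1.0-1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
        100 /var/lib/dpkg/status
example-libc:
  Installed: 2.0-2
  Candidate: 2.0-2
  Version table:
 *** 2.0-2 0
        500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.0-1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
"""

if __name__ == "__main__":
    print(universe_only(SAMPLE))
```

On a real system, feed it the text captured from `apt-cache policy` for the packages you care about instead of `SAMPLE`.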
This is why I think Rolling Release is the only viable model of Linux distribution in desktops. Instead of overloading a team of security experts expecting them to backport every security change to the stable version of a package, they simply follow upstream releases, build it and make sure that it isn't horribly broken (however, they can't be sure that the upgrade path is seamless for every possible configuration).
You. Are. Not. Supposed. To. Install. Debian. Stable. On. A. Desktop. Machine.
How many times will this have to be repeated? Stable is for servers. If you're running webkit based libraries on your server you have other issues.
For desktops, both Testing and Unstable are the valid options.
That's like ... your opinion. The way you try to make it look as if it's a widely accepted best practice among Debian users is not cool. Debian stable is a perfectly viable distribution for desktop use.
Except... it is? Having spoken with quite a few people on #debian, hell, even a simple Google search agrees with that. Don't use stable unless you have a very old machine. Using stable brings you... stability and three-year-old packages. Using testing brings you stability and six-month-old packages. Using unstable brings you stability and sometimes fun things and one-week-old packages.
For the Personal Anecdote Bonus Points, even sysadmin friends that swear by stable would tell me to use testing for a desktop distro.
People over #debian or your sysadmin friends are entitled to their own opinions and not representative of Debian users other than themselves, and for every random recommendation for not using stable you can find another random one about dangers of using testing or unstable.
If you check the Debian web site you'll see stable is the only one which is officially supported and recommended by the project and there is no distinction for "server" or "desktop" use cases. Had stable been non-suitable as a desktop OS you can be sure Debian developers wouldn't bother releasing and supporting thousands of desktop/graphical packages with the stable release.
In the end stable, testing and unstable all have their pros and cons, strong and weak areas and some are more suitable for some use cases. That Debian stable is only for servers and it is not a good desktop OS is a myth that needs to die. Stable is a damn fine desktop OS. Everyone is free to use whatever they deem best for their use but when you post blanket statements like "You. Are. Not. Supposed. To. Install. Debian. Stable. On. A. Desktop. Machine." and "Stable is for servers" on a public forum you are spreading misinformation and you should just stop.