How stable is Ubuntu using Debian Unstable branch? This is something that troubles me time to time. This being the place, where Ubuntu devs come, I’m asking the question.
The Debian manual says,
“Unless you want to dedicate time to patch packages yourself when a vulnerability arises, you should not use Debian’s unstable branch for production-level systems. The main reason for this is that there are no security updates for unstable.”
Ubuntu provides the security, patches and bug fixes.
Quite a bit of Ubuntu is not based on Debian Unstable at all. See Ubuntu Merge-o-Matic: main for the real data, do your own comparison, and see for yourself.
Most probably, not everything is based on Debian unstable, but the majority might be. It says Ubuntu is based on Debian Buster/Sid, sort of a mixture of both. The mixing of Testing and Sid might be a good idea on the long run.
Security updates for testing are not managed by the security team at Debian. https://www.debian.org/security/faq#testing