Bug#743892: please include security.debian.org in sources.list

[Anders Ingemann <anders@ingemann.de>]

On 8 April 2014 02:48, Jonathan Landis <jkl@calibersecurity.com> wrote:
>
> Package: cloud.debian.org
>
> The heartbleed bug has created a situation in which servers must be upgraded immediately. At the moment the default mirrors listed in the Debian Wheezy AMI image don't have the patches yet, but security.debian.org does. So users of the existing image have to update sources.list on each of their servers if they want to get patched ASAP.
>
> Is there any reason not to include security.debian.org in sources.list by default?
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 53434779.2010007@calibersecurity.com">https://lists.debian.org/[🔎] 53434779.2010007@calibersecurity.com
>

> Is there any reason not to include security.debian.org in sources.list by default?
Not really. There is a hanging PR at https://github.com/andsens/bootstrap-vz/pull/33
It's hanging because I never got an answer to my question: What's the difference between:

http://security.debian.org/  wheezy/updates ...
and
http://http.debian.net/  wheezy-updates ...
?

I am pretty sure only the first one should be there, but I can't for the life of me figure out why wheezy-updates was added. Is it a bogus source?

The source is here.