
Bug#743892: please include security.debian.org in sources.list



I’ve pushed a patch to bootstrap-vz that should fix this; pending review and merge req pull by Anders.

 

James

James Bromberger | Solution Architect | Amazon Web Services

E: jameseb@amazon.com   P: +61 422 166 708   T:@JamesBromberger

 

From: Jimmy Kaplowitz [mailto:jkaplowitz@google.com]
Sent: Tuesday, 8 April 2014 5:22 PM
To: Anders Ingemann; 743892@bugs.debian.org
Cc: Jonathan Landis
Subject: Bug#743892: please include security.debian.org in sources.list

 

The http.debian.net source is presumably the wheezy version of this:

 

 

- Jimmy

 

On Tue, Apr 8, 2014 at 12:02 AM, Anders Ingemann <anders@ingemann.de> wrote:

On 8 April 2014 02:48, Jonathan Landis <jkl@calibersecurity.com> wrote:
>
> Package: cloud.debian.org
>
> The heartbleed bug has created a situation in which servers must be upgraded immediately. At the moment the default mirrors listed in the Debian Wheezy AMI image don't have the patches yet, but security.debian.org does. So users of the existing image have to update sources.list on each of their servers if they want to get patched ASAP.
>
> Is there any reason not to include security.debian.org in sources.list by default?
>
>

> Is there any reason not to include security.debian.org in sources.list by default?

Not really. There is a hanging PR at https://github.com/andsens/bootstrap-vz/pull/33
It's hanging because I never got an answer to my question: What's the difference between:

http://security.debian.org/  wheezy/updates ...
and
http://http.debian.net/  wheezy-updates ...
?

I am pretty sure only the first one should be there, but I can't for the life of me figure out why wheezy-updates was added. Is it a bogus source?

The source is here.
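
Added example (not part of the thread or of bootstrap-vz): a shell check that an image build could run to confirm that sources.list enables the security archive, reported separately from the wheezy-updates suite, which is a different suite. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report which Debian suites a
# sources.list enables, so a missing security archive is caught at build time.

# classify_suites FILE CODENAME -> one line per active "deb" entry:
#   security <uri>   CODENAME/updates (newer releases: CODENAME-security)
#   updates  <uri>   CODENAME-updates (a separate suite, not the security archive)
#   base     <uri>   CODENAME
classify_suites() {
    awk -v c="$2" '
        $1 != "deb" { next }        # skips comments, blank lines and deb-src
        {
            i = 2
            if ($i ~ /^\[/) {       # optional [ option=value ] field
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i; suite = $(i + 1)
            if (suite == (c "/updates") || suite == (c "-security"))
                print "security", uri
            else if (suite == (c "-updates")) print "updates", uri
            else if (suite == c)              print "base", uri
        }' "$1"
}

# Exit status 0 only if FILE has an active security-archive entry for CODENAME.
has_security_source() {
    classify_suites "$1" "$2" | grep -q '^security '
}

# Constructed sample: an image list whose only security line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://http.debian.net/debian wheezy main
deb-src http://http.debian.net/debian wheezy main
deb http://http.debian.net/debian wheezy-updates main
# deb http://security.debian.org/ wheezy/updates main
EOF
classify_suites "$sample" wheezy
if has_security_source "$sample" wheezy; then
    echo "security archive: present"
else
    echo "security archive: MISSING"
fi
rm -f "$sample"
```

Run against the real file, the call would be `has_security_source /etc/apt/sources.list wheezy`; files under /etc/apt/sources.list.d/ need the same check.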

 

 

