What is best practice for managing sources.list for security and stability?

To: debian-security@lists.debian.org
Subject: What is best practice for managing sources.list for security and stability?
From: john <lists.john@gmail.com>
Date: Mon, 25 May 2009 11:49:26 -0700
Message-id: <[🔎] 2be970b50905251149k24ecef17n778d747547fe8599@mail.gmail.com>

Hi all,

Perhaps this is a "it depends..." kind of question but here it goes:

I manage  several Debian boxes running Etch and Lenny. I installed
Debian because I want long term stability and support for the
applications
running on the servers. After I build a box and get my applications
tweaked I usually comment out everything except the security entries
like so:

cat /etc/apt/sources.list

#deb http://ftp.us.debian.org/debian/ etch main
#deb-src http://ftp.us.debian.org/debian/ etch main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

The recent key-change forced me to use the main stable repos to get
the new keys (e.g apt-get install debian-archive-keyring )
.  and got me thinking...

Is the approach I outlined the "best" way to maintain the security and
stability of these box's or should I really be using the main
repositories as well?

Thanks!

John

Reply to:

Follow-Ups:
- Re: What is best practice for managing sources.list for security and stability?
  - From: Thijs Kinkhorst <thijs@debian.org>
- Re: What is best practice for managing sources.list for security and stability?
  - From: Russ Allbery <rra@debian.org>
- Re: What is best practice for managing sources.list for security and stability?
  - From: Dan Ritter <dsr@tao.merseine.nu>

Prev by Date: Re: debian-security-announce - Upgrade instructions
Next by Date: Re: What is best practice for managing sources.list for security and stability?
Previous by thread: Re: debian-security-announce - Upgrade instructions
Next by thread: Re: What is best practice for managing sources.list for security and stability?
Index(es):
- Date
- Thread