[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How (un)safe would Debian be when only using the security.debian.org repository?

On Mon, Nov 11, 2013 at 04:56:27PM -0500, Michael Gilbert wrote:
> That isn't quite right since excepting mistakes, security updates will
> never require packages outside the security archive.

This is incorrect:

| Package: asterisk-mysql
| Depends: […] libc6 (>= 2.4), […]

| $ apt-cache policy asterisk-mysql | grep wheezy
|         500 http://security.debian.org/ wheezy/updates/main amd64 Packages
|         500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages

libc6 is _not_ shipped in the security archive:

| $ apt-cache policy libc6 | grep wheezy
|         500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages

Bastian

-- 
Without facts, the decision cannot be made logically.  You must rely on
your human intuition.
		-- Spock, "Assignment: Earth", stardate unknown
Reply to: