[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How (un)safe would Debian be when only using the security.debian.org repository?

On Mon, Nov 11, 2013 at 5:06 PM, Bastian Blank  wrote:
> On Mon, Nov 11, 2013 at 04:56:27PM -0500, Michael Gilbert wrote:
>> That isn't quite right since excepting mistakes, security updates will
>> never require packages outside the security archive.
>
> This is incorrect:
>
> | Package: asterisk-mysql
> | Depends: […] libc6 (>= 2.4), […]
>
> | $ apt-cache policy asterisk-mysql | grep wheezy
> |         500 http://security.debian.org/ wheezy/updates/main amd64 Packages
> |         500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages
>
> libc6 is _not_ shipped in the security archive:
>
> | $ apt-cache policy libc6 | grep wheezy
> |         500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages

Which confirms my point.  That asterisk update, for example, required
no new package dependencies outside the security archive.

Best wishes,
Mike
Reply to: