On Sun, Apr 08, 2001 at 11:49:12AM +0100, Keith O'Connell wrote: > Hi, > > I have the following lines relating to security in my sources.list; > > deb http://security.debian.org stable/updates main contrib non-free > deb-src http://security.debian.org stable/updates main contrib non-free > deb http://security.debian.org/debian-non-US stable/non-US main contrib > non-free > deb-src http://security.debian.org/debian-non-US stable/non-US main > contrib non-free > > However I have been told by a friend that only the top one of the lines > actually means anything as there are no "non-us" or "src" sites for > security downloads. Is this correct`? there most certainly is source. non-us has empty packages files and probably never will have anything since non-us.debian.org and security.debian.org are the very same box. > I was also told that the security is only for "stable" and similar > entries for "testing" and "unstable", also do not exist. correct, testing is the most insecure version of debian. unstable generally gets security fixes installed immediatly (as soon as the maintainer packages the fix or new upstream version) but even security updates have to go through the same process and rules to make it to testing. security fixes should be uploaded with urgency=high so they go in faster. that won't help if the package is not synced on all archs or has dependency problems. > Can anyone clarify this for me? > > Why are there no mirror sites for "security"? because it would slow down the propagation of security updates. it would also be quite detrimental if a mirror stopped mirroring silently and nobody noticed for a few months. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpQwQjl1vpfh.pgp
Description: PGP signature