Re: Do I track "security" apt site in Sid?
On Wed, Aug 29, 2001 at 10:20:05AM -0700, Karsten M. Self wrote:
> on Wed, Aug 29, 2001 at 11:36:25AM -0500, Dave Sherohman
> (esper@sherohman.org) wrote:
> > On Wed, Aug 29, 2001 at 12:15:52PM -0400,
> > Scott_Patterson@AndersonsInc.com wrote:
> > > Are unstable (sid) security patches posted in the
> > > main repository (US for me) or in security? In other words, do I need to
> > > track the "security" site in unstable (sid)?
> >
> > No. Security patches are applied directly to the main sid archive.
>
> Disagreed.
>
> Given different procedures for updating Sid and Security sites, one or
> the other may be more current.
>
> I keep my Sid sources.list pointing at stable, unstable, and security.
> I pull the most recent package(s) from whichever source is most up to
> date. There is no conflict, and a (theoretical) slight advantage.
I doubt that you actually get anything from security very often; perhaps
you would when a package hasn't been updated since stable, then has a
security update in stable, then takes a while for the maintainer to get
round to applying the same security update to unstable. (This has been
known, but for fairly obvious reasons it's a bug for a package to be
newer in stable than in unstable.)
security.debian.org consists of security updates to stable that have
been checked and had advisories issued by the security team. There is a
sid/updates tree, but all the packages there date from 1999, so it's not
the same sid we're talking about here and tracking that is probably
rather pointless.
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: