
Re: apt-get upgrade (security packages)



Pol Hallen wrote:
> I can't every time do updates from main repository because many packages
> of this server are patched.

How did you patch those?  Did you rebuild the package with a local
version string and your changes?  Or did you simply whack the files on
the disk?

In any case you should definitely "hold" those packages.

  apt-mark hold foo

I think simply holding them is much simpler than pinning.

I personally would build a package with a local version string
slightly later than the current production version.  Also hold it.
Then when it is "held back" for an upgrade I know that I must jump on
it and apply the upstream security patch to my patched copy and
rebuild it.  I would use the upstream to notify me of security changes
that way.  The "hold" would prevent the upgrade in any case.  But then
of course reacting to security issues is the local admin's job.

Bob
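
The workflow in the message above depends on noticing when a held package has an upstream update waiting. The script below is an added example, not part of the original message: it cross-references text in the shape of `apt-mark showhold` and `apt list --upgradable` output and reports held packages that need the upstream fix merged into the local build. The function names, package names and version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list held packages that have a pending upgrade, so the
# admin knows which locally patched builds need the upstream fix applied.

# held_needing_rebase HELD_FILE UPGRADABLE_FILE
#   HELD_FILE:       one package name per line (shape of `apt-mark showhold`)
#   UPGRADABLE_FILE: lines shaped like `apt list --upgradable`, i.e.
#                    name/suite candidate arch [upgradable from: installed]
# Prints "name installed -> candidate", with " SECURITY" appended when the
# suite name contains "security".
held_needing_rebase() {
    awk '
        NR == FNR { if ($1 != "") held[$1] = 1; next }   # first file: held names
        /\[upgradable from: / {
            split($1, id, "/")                # id[1] = name, id[2] = suite
            if (!(id[1] in held)) next        # not held: apt upgrades it itself
            old = $NF; sub(/\]$/, "", old)    # installed (local) version
            flag = (id[2] ~ /security/) ? " SECURITY" : ""
            printf "%s %s -> %s%s\n", id[1], old, $2, flag
        }
    ' "$1" "$2"
}

# Demo on constructed sample data (no apt needed to run this).
demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed: two held packages, as `apt-mark showhold` would list them.
    printf '%s\n' nginx openssh-server > "$tmp/held"
    # Constructed: the local build 1.22.1-9+deb12u1+local1 sorts just after
    # 1.22.1-9+deb12u1 and before the next upstream release +deb12u2.
    cat > "$tmp/upg" <<'EOF'
Listing...
nginx/stable-security 1.22.1-9+deb12u2 amd64 [upgradable from: 1.22.1-9+deb12u1+local1]
curl/stable 7.88.1-10+deb12u5 amd64 [upgradable from: 7.88.1-10+deb12u4]
EOF
    held_needing_rebase "$tmp/held" "$tmp/upg"
    rm -rf "$tmp"
}

demo
```

On a real system the two input files would come from `apt-mark showhold > held` and `apt list --upgradable > upgradable` after an `apt-get update`.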
