Re: testing security updates

[Greg Wooledge <wooledg@eeg.ccf.org>]

On Fri, Oct 04, 2019 at 10:52:16AM +0100, Brad Rogers wrote:
> Also, currently, digikam is not in testing.  No big deal, I have it
> installed and working.  *However* if I had just installed testing, I
> would get digikam from stable, because I use it daily, and can't do
> certain things without it.

Yeah, I gave the (overly) simplified set of warnings.

You can't "run stable but cherry-pick from testing".  A lot of people
want to do that.  It cannot be done safely, at least not by someone who
isn't an expert.  (Use backports instead!)

But you *can* run testing and cherry-pick from stable (sometimes).  Or,
you can run stable and cherry-pick from oldstable (sometimes).  It
requires some knowledge and carries some risk.

It's mostly a matter of understanding that you are running the *newest*
of whichever set of branches you mix.  If you have some packages from
stable, and some packages from unstable, you are running unstable.  It
doesn't matter whether it's 99% stable, or 1% stable -- it's still
really unstable.  You need to see it that way, or you are screwed.

For *most* users, running stable, or running stable plus selected
backports, is the correct choice.