Re: sources.list for security
hi,
On Sun, Jul 05, 2020 at 10:34:30AM +0300, Andrei POPESCU wrote:
> On Du, 05 iul 20, 08:14:28, Pierre Frenkiel wrote:
> > hi,
> >
> > I found several proposals for thre security entry
> >
> > deb http://security.debian.org/ buster/updates main contrib non-free
> > deb http://security.debian.org/debian-security buster/updates main contrib non-free
>
> [fixed wrapping]
>
> > deb http://deb.debian.org/debian-security/ buster/updates main
> >
> > which one must be chosen?
>
> According to https://security.debian.org (redirects to
> https://www.debian.org/security) the second entry is correct.
>
> The first one seems to point to the same place as far as I can tell
> (didn't look very deep though).
>
> The third entry appears to be an alternate distribution channel and also
> supports https (in case it matters to you).
>
> I'm using the third, mostly for consistency with the other entries.
> Updated packages have been available as soon as the DSA was sent to
> debian-security-announce.
>
> The 'component' part ('main', etc.) should always match your other
> repositories.
>
> [Rant]
> It's confusing that Debian has several schemes for URLs and suites, e.g.
> compare:
>
> http://security.debian.org/ buster/updates main
>
> with
>
> http://deb.debian.org/debian buster-updates main
>
>
> It would be less confusing if all repositories had the same URL and used
> only the 'suite' part to distinguish them ('stable', 'stable-security',
> etc.).
>
> Hopping this will be fixed for 'bullseye'...
Please see
https://lists.debian.org/debian-security/2019/06/msg00015.html
and
https://bugs.debian.org/931785
Regards,
Salvatore
Reply to: