Re: sources.list for security

[songbird <songbird@anthive.com>]

Greg Wooledge wrote:
...
> If you are running "eternal testing" (you never convert it to a stable
> release), then you HAVE NO security support.  None.  There is no line
> you should use for security, because there isn't any security.

  false.  security updates come via unstable uploads that
migrate depending upon the policies in place.  i'm quite
ok with that process.


> (Many years ago, someone created a "security for testing" repository,
> and for a little while, it was used, but now it just sits there idle
> and devoid of packages.  So, while *technically* there is a testing
> security repository, it's not really *useful* and it would be a waste
> of time and bandwidth to add it to your sources.)
>
> The announcement in question (#931785) is for what the security
> repository will be called when bullseye is *stable* and receives
> security support.  People who track bullseye at this time in its
> lifespan (while it is in testing) may add the security line in
> anticipation of it becoming useful once bullseye becomes stable.
>
> Eternal-testing users should only use the one line that points to
> the testing repository (two lines if you want deb-src as well).

  debug packages are a third.


  songbird