Bug#1012174: Inconsistent advice wrt security archive
On Tue, 31 May 2022 16:13:27 +0100 Brian Potkin <claremont102@gmail.com> wrote:
> On Tue 31 May 2022 at 14:58:00 +0200, Julien Cristau wrote:
> > On Tue, May 31, 2022 at 02:26:39PM +0200, David Prévot wrote:
> > > The [errata] advises one to use
> > >
> > > deb http://security.debian.org/debian-security bullseye-security main contrib non-free
> > >
> > > while the [release-notes] advises
> > >
> > > deb https://deb.debian.org/debian-security bullseye-security main contrib
> > > errata: https://www.debian.org/releases/stable/errata#security
> > > release-notes: https://www.debian.org/releases/stable/amd64/release-notes/ch-information#security-archive
> > >
> > The release-notes version is preferred, as far as scheme and hostname.
>
> There appears to be a consensus in favour of https. For example:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992692#37
In release-notes the only http:// i could find was in en/upgrading.dbk
(apart from inside xmlns markup)
https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/160
has just been submitted to update this to https
I dont think the 'errata' page above is in the release-notes repository (?)
Reply to: