enable debian-security by default in sources.list

Question

enable debian-security by default in sources.list

jindam-vani opened this issue 2 years ago · 5 comments

i havent saved my sources.list but it seems debian
security repo is missing?
ideally i would have:

deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free

#deb-src http://deb.debian.org/debian bullseye main contrib non-free
#deb-src http://deb.debian.org/debian-security/ bullseye-security main contrib non-free

wishlist:

deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://deb.debian.org/debian bullseye-backports main contrib non-free

#deb-src http://deb.debian.org/debian bullseye main contrib non-free
#deb-src http://deb.debian.org/debian-security/ bullseye-security main contrib non-free
#deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free
#deb-src http://deb.debian.org/debian bullseye-backports main contrib non-free

Answer 1 · 2022-11-13T05:40:58.000Z

These will be added in the distro update today, along with Ubuntu sources.list update.

Answer 2 · 2022-11-13T10:02:50.000Z

this will be rude.....
dont label Feature Request for enabling security updates. first and last, excluding security repo is grave mistake..... for an average user & may or may not implications for exclusion.....
debian & its derivates must have security repo enabled by default bcoz it is not rolling release....
i care about security, promptly informed you...

Answer 3 · 2022-11-13T10:27:49.000Z

@jindam-vani

There's nothing rude in your words.

I think this issue is better labeled as bugs, thanks for the notify. The devs are aware of the default sources.list problems and are working to fix it in the next release, this is the developer's mistake, so no excuse here, however the security risk is minimized even without the security repo since the distro is running inside proot environment.
Yes, you are right, but we understand how the repo works.
These will be added in the distro update today, along with Ubuntu sources.list update. as stated above, the update and fix will be published later, thanks for your informing.

To Add up to this, this project is currently maintained at a 6 month life cycle (If no emergency bug occured).

Answer 4 · 2022-11-13T13:30:45.000Z

i am still learning...
notice that both deb.debian & security.debian contain deb http://security.debian.org/debian-security stable-security main but not as i stated earlier deb http://deb.debian.org/debian-security/
i did sent mailing list about does apt upgrade & full-upgrade packages from Security Updates (Debian Security Advisories (DSA))

Answer 5 · 2022-11-13T13:48:09.000Z

Yes, the new included security source in debian is:

deb http://security.debian.org/debian-security bullseye-security main contrib non-free

sources.list update apply as well for all apt based distro except Kali which including backports and a few other things.