On 8/23/05, Kent West <[EMAIL PROTECTED]> wrote: > Hendrik Boom wrote: > > >On Tue, Aug 23, 2005 at 08:43:23AM -0500, Kent West wrote: > > > > > >>I would recommend duplicating the Stable lines, rather than replacing > >>them. Then replace the "stable" or "sarge" in the first (top) set with > >>your release of choice. > >> > >>This way, the system can fall back to packages in Stable if it (or you) > >>need(s) to. > >> > >> > > > >If you do this, it will pick the stable package is there is no testing > >package available. > > > Yes, this is what I meant. If package 'foo' in unstable is dependent on > 'bar' which is not in unstable but is in stable, you may still be able > to install 'foo' using stable's version of 'bar' as the dependency. > > > But taking out the lines containing "testing" > >won't give you a downgrade if you decide you want to go back. > >Downgrading isn't so easy. > > > > > This is not what I meant, but I'm glad you mentioned it since I failed > to make myself clear. > > >>Also, don't change the "security" line; leave it at stable. > >> > >> > >testing doesn't get the so-called security upgrades, which are > >carefully chosen upgrades for stable to maintain security while > >changing as little as possible. Testing gets lots and lots > >of updates instead. > > > > > > > It's my understanding that because of their high-priority nature, > security updates go into Stable even before they sometimes make it into > Testing (or perhaps, Unstable?). So a Testing system with the stable > security line is more likely to get patched more quickly than waiting > for the normal influx of packages into Testing. > > My understanding may very well be amiss, however.
No. Say that stable has foobar version 1.0.4-1, and testing has foobar 1.0.5-1. Now there's a security fix. Stable-security gets 1.0.4-1sarge1 or similar, unstable gets 1.0.5-2. However, testing still has 1.0.5-1, which is newer than 1.0.4-1sarge1. It will be at least two days until the unstable fix gets into testing.