hi, On Sun, Jul 05, 2020 at 10:34:30AM +0300, Andrei POPESCU wrote: > On Du, 05 iul 20, 08:14:28, Pierre Frenkiel wrote: > > hi, > > > > I found several proposals for thre security entry > > > > deb http://security.debian.org/ buster/updates main contrib non-free > > deb http://security.debian.org/debian-security buster/updates main contrib > > non-free > > [fixed wrapping] > > > deb http://deb.debian.org/debian-security/ buster/updates main > > > > which one must be chosen? > > According to https://security.debian.org (redirects to > https://www.debian.org/security) the second entry is correct. > > The first one seems to point to the same place as far as I can tell > (didn't look very deep though). > > The third entry appears to be an alternate distribution channel and also > supports https (in case it matters to you). > > I'm using the third, mostly for consistency with the other entries. > Updated packages have been available as soon as the DSA was sent to > debian-security-announce. > > The 'component' part ('main', etc.) should always match your other > repositories. > > [Rant] > It's confusing that Debian has several schemes for URLs and suites, e.g. > compare: > > http://security.debian.org/ buster/updates main > > with > > http://deb.debian.org/debian buster-updates main > > > It would be less confusing if all repositories had the same URL and used > only the 'suite' part to distinguish them ('stable', 'stable-security', > etc.). > > Hopping this will be fixed for 'bullseye'...
Please see https://lists.debian.org/debian-security/2019/06/msg00015.html and https://bugs.debian.org/931785 Regards, Salvatore