David Prévot
2022-05-31 12:40:01 UTC
Package: www.debian.org,release-notes
Severity: normal
X-Debbugs-Cc: ***@security.debian.org
Hi teams,
The [errata] advises one to use
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
while the [release-notes] advises
deb https://deb.debian.org/debian-security bullseye-security main contrib
Even if both will have the same result (the last time a non-free package
was uploaded to the security archive may have been during Etch), having
two different official advice makes it difficult in some situation
(âwhat should we actually use?â). Is the use of HTTPS via deb.d.o
preferable over HTTP via security.d.o? If so maybe the errata should be
updated, if itâs the other way around, the realease-notes should be
updated.
errata: https://www.debian.org/releases/stable/errata#security
release-notes: https://www.debian.org/releases/stable/amd64/release-notes/ch-information#security-archive
Regards
David
Severity: normal
X-Debbugs-Cc: ***@security.debian.org
Hi teams,
The [errata] advises one to use
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
while the [release-notes] advises
deb https://deb.debian.org/debian-security bullseye-security main contrib
Even if both will have the same result (the last time a non-free package
was uploaded to the security archive may have been during Etch), having
two different official advice makes it difficult in some situation
(âwhat should we actually use?â). Is the use of HTTPS via deb.d.o
preferable over HTTP via security.d.o? If so maybe the errata should be
updated, if itâs the other way around, the realease-notes should be
updated.
errata: https://www.debian.org/releases/stable/errata#security
release-notes: https://www.debian.org/releases/stable/amd64/release-notes/ch-information#security-archive
Regards
David