On Thu, Jan 28, 2016 at 04:07:00PM +0100, Florian Zieboll wrote:
> On Thu, 28 Jan 2016 08:15:01 -0500
> Hendrik Boom <hendrik@???> wrote:
>
> > On Wed, Jan 27, 2016 at 08:03:45PM +0100, Florian Zieboll wrote:
> > >
> > > * In the "configure package manager" section the installer suggests
> > > to choose "security updates" from security.debian.org. According to
> > > a mail on this list from some weeks ago, this is deprecated.
> >
> > Looks like I missed this. Where should I go for devuan security
> > updates?
>
> Sorry for the confusion, I obviously don't remember correctly that in
> the past weeks somebody had stated this. When searching for that
> specific mail, which I had given up in a first attempt due to a bug I
> just reported, I only found the exact opposite statement:
>
> | On Tue, 05 Jan 2016 11:33:40 +1300
> | Daniel Reurich <daniel@???> wrote:
> |
> | > We are NOT merging backports or updates or security updates.
> |
>
> Perhaps the "NOT" was shouted too loudly for me to hear it ;) So I
> finally added security.debian.org to the sources.list and must confess
> that it was a good idea, as the update pulled quite a lot, including
> rather exposed stuff like bind9-host, claws-mail, curl, iceweasel,
> linux-image-amd64 and openjdk-7-jre...

If you add security.debian.org, how does it know *not* to install
security updates that have been systemd-ized?

And what should we do with them?

-- hendrik