Well, either you want old stable or bleeding edge. And with web technologies it’s usually the bleeding edge type of people. It would take a full time job to create all the variants, and I do this mostly in my free time.
As for reproducible builds - that’s the next thing on my list, it seems that the patches got mixed up and the reproducible build patch got replaced with something else. Cheers, Ondrej -- Ondřej Surý <ond...@sury.org> > On 20 Oct 2018, at 18:34, Jonas Meurer <jo...@freesources.org> wrote: > >> Am 20.10.18 um 03:50 schrieb Chris Knadle: >> Jonas Meurer: >>> * Adding backports to my sources.list doesn't automatically pull any >>> packages from there. I have to choose particular packages in a manual >>> process in order to install them from backports. That's different for >>> repositories like sury.org that provide packages under the release >>> target (e.g. 'stretch'). >>> If I add deb.sury.org to my sources.list, then installed packages with >>> newer versions in this repo are automatically upgraded. This makes it >>> much easier to abuse the repo, e.g. in order to spread malware. In >>> other words, the attack vector is way larger. >> >> There's an available middle-ground, which is to add an additional repository >> to >> the sources.list file and add an apt Pin-Priority in /etc/apt/preferences.d/ >> for >> that repository (of say priority 150) such that any installed packages from >> the >> additional repository get updated, but any not-already-installed packages >> from >> the additional repository aren't automatically used for upgrades. >> >> See 'man apt_preferences' for details. > > Jep, you're right. I was talking about the default experience for users > who don't know about advanced tricks. > > Cheers > jonas > >
