Hi Otto, In Buster's case, it would be becoming an ELTS soon and would have to use Freexian's repositories. It would no longer be the security team with DLAs that would take care of CVEs for ELTS, but the Frexian team.
So much so that if I look at the links below I didn't find anything (about security) for versions with extended support. https://archive.debian.org/debian/dists/ https://security.debian.org/debian-security/dists/ This point you mentioned is relevant. I will be following the finally of this conversation. Look, I hope I helped in some way and I realize that many users don't know the Freexian repositories. [1] https://www.freexian.com/lts/php/docs/access-apt-repositories [2] https://wiki.debian.org/LTS/Extended Cheers, Leandro Cunha
