On Mon, Nov 11, 2013 at 5:06 PM, Bastian Blank wrote: > On Mon, Nov 11, 2013 at 04:56:27PM -0500, Michael Gilbert wrote: >> That isn't quite right since excepting mistakes, security updates will >> never require packages outside the security archive. > > This is incorrect: > > | Package: asterisk-mysql > | Depends: […] libc6 (>= 2.4), […] > > | $ apt-cache policy asterisk-mysql | grep wheezy > | 500 http://security.debian.org/ wheezy/updates/main amd64 Packages > | 500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages > > libc6 is _not_ shipped in the security archive: > > | $ apt-cache policy libc6 | grep wheezy > | 500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages
Which confirms my point. That asterisk update, for example, required no new package dependencies outside the security archive. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=MO_n2vX2ot8xoQAGrisyr�yv3xcwcwr_scdrg_ou...@mail.gmail.com
