On 18/01/2025 23:01, Andy Smith wrote:
After a stable release of Debian is made, future package updates will
come from the stable-updates suite (e.g. bookworm-updates in the case
of Debian 12). These updates will in most cases contain the same version
of the software from stable suite but with a fix for one or more
security bugs built for it.
In the concrete case of rsync as recently discussed on this list, the
*Debian* package version as reported by dpkg would be 3.2.7-1 when it
was originally installed from the Debian 12 release media, but would be
updated to 3.2.7-1+deb12u2 through package updates that came via the
bookworm-updates suite in your sources.list. All the time, the actual
program is going to report 3.2.7 when you type "rsync --version",
because that is what it is.
When you install Debian it usually enables security updates via an
-updates suite, so every user of stable should be getting security
updates.
The *-updates suite is something different from security upgrades.
To get bookworm security upgrades the necessary apt line is something like:
deb https://deb.debian.org/debian-security bookworm-security main contrib
non-free non-free-firmware
The bookworm-updates suite is a channel for updates that will eventually arrive
in a point release, like this from my debian-installer installed sources.list:
# bookworm-updates, to get updates before a point release is made;
# see
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb https://deb.debian.org/debian bookworm-updates main contrib non-free
non-free-firmware
--
John
