Adding Debian security repos to LMDE sources

Archived topics about LMDE 1
Forum rules
Level 1
Level 1
Posts: 4
Joined: Thu Jan 10, 2013 2:14 pm

Adding Debian security repos to LMDE sources

Postby jimk4003 » Thu Jan 10, 2013 2:38 pm

Hi All,

I have recently converted to LMDE from Ubuntu 12.10 and 12.04 before that, and must say I'm enjoying the LMDE experience so far. I do have one query regarding how LMDE/ Debian in general handles security updates. Apologies if this is a noob question, I have read around the forums a bit and can't quite find the answer to my query.

I understand that LMDE organises the rolling release Debian testing branch into Update Packs which are then periodically released. The main benefit of this being, as I understand, that any potential bugs/ breakages from the Debian testing branch can be ironed out before being pushed out to unsuspecting people like myself. Conversely, I understand that a downside to this approach is that security updates can be slower reaching LMDE than they are reaching the pure Squeeze/ Wheezy branches.

My question, or rather questions, are as follows.

1) Can we get around the delay in LMDE security updates by adding the standard Debian security repo to the sources list, or is this a recipe for conflicts?
2) If we can, is it best to add the squeeze security repo "deb squeeze/updates main contrib non-free", or the wheezy security repo "deb wheezy/updates main contrib non-free"
3) Is there any merit in adding both repos? As I understand it the Debian Security team primarily provides support for Debian Stable, and then for Debian testing ( Are there therefore likely to be security patches in stable that have not been added in testing, or have a read this all wrong?
4) Taking answers to the above into account (sorry, I'm getting there, I promise) am I likely to encounter issues with a sources list that currently looks like this:

deb debian main upstream import
deb ... ian/latest testing main contrib non-free
deb ... t/security testing/updates main contrib non-free
deb ... multimedia testing main non-free

deb testing main contrib non-free
deb-src testing main contrib non-free
deb stable non-free
deb-src stable non-free
deb squeeze/updates main contrib non-free
deb-src squeeze/updates main contrib non-free
deb wheezy/updates main contrib non-free
deb-src wheezy/updates main contrib non-free

Apologies for the long-winded first post, any guidance would be appreciated.

Many thanks,


Level 16
Level 16
Posts: 6517
Joined: Tue Jul 07, 2009 2:29 pm

Re: Adding Debian security repos to LMDE sources

Postby zerozero » Thu Jan 10, 2013 4:54 pm

hi :) welcome to the forums

the way you're planning to do it is a recipe to disaster; you either stay in the update-packs flow (latest or incoming, one or the other, the one that suits you better) or you go all the way to testing (or sid); playing in-betweens as you are thinking is a no-go.

regarding the main issue (security) i think you should start here (S2 -Q1)
from there to here
and then here
and from there finally here

feel free to ask.

[ bliss of ignorance ]

Level 1
Level 1
Posts: 4
Joined: Thu Jan 10, 2013 2:14 pm

Re: Adding Debian security repos to LMDE sources

Postby jimk4003 » Thu Jan 10, 2013 8:25 pm

Thanks zerozero,

That's a great help. Looks like you helped me dodge a banana skin there!

Level 5
Level 5
Posts: 839
Joined: Fri Nov 11, 2011 10:44 pm

Re: Adding Debian security repos to LMDE sources

Postby cwwgateway » Thu Jan 10, 2013 11:21 pm

zerozero is very right, and I believe that when UPs were originally introduced, they still used the Security and Multimedia Repos, but they caused problems (I'm not completely sure though, as that was before my time with LMDE :) ). I believe that the LM team would update any packages that have significant problems, but overall the UPs are behind on security. Personally, I find that stable gets updates basically ASAP, and Debian is very good at patching all of that stuff. While Testing has a security repo and sid doesn't, it's my understanding that security updates enter sid before testing in most cases and the updates follow the standard migration requirements (10 days old, no release critical bugs, etc). However, I think that if there are significant vulnerabilities, the Debian security team will "skip" this process and move them directly into the security repo.

You can usually apt pin packages from newer releases if absolutely necessary (but only if absolutely necessary), although I'm very guilty of breaking this guideline :lol: . I pin AWN and compiz from Sid and iceweasel and icedove from experimental on my testing installs and use a few too many backports on my stable installs. For certain packages it will work out, but probably not to the extent I do it, although iceweasel 18 works great on Debian while firefox 18 for windows is broken :lol: . I can't open it any more after the update on Windows, so I feel somewhat better about pulling important packages from experimental. Anyways, the point is that in specific cases where you're willing to risk breakages and it is absolutely critical that you have the version in some other release, you can use apt pinning to install it.
Dell XPS 15 l502x - Debian Testing 64-bit NetInst Xfce, SolydX 64-bit Debian Testing, SolydK 64-bit SolydXK Testing
Old Gateway Pentium 4 Desktop - Arch Linux 64-bit Xfce and SolydX 32-bit Sid

Return to “Archive”

Who is online

Users browsing this forum: No registered users and 1 guest