deb http://ftp.br.debian.org/debian squeeze main
deb http://ftp.br.debian.org/debian squeeze-updates main
deb http://security.debian.org/ squeeze/updates main
What are the differences of updates and security updates (the second and the third lines in the above sources.list).
I understand what security updates are. But what are the other (non-security) updates? Isn’t Debian 6 frozen? If so, how a frozen system can have non-security updates?
I use Debian 6 on a recently installed production Web server. Should I update the server only from the security repository or from squeeze-updates too?
Russ Allbery from Santa Clara, United States of America
The codename-updates repository is essentially a holding area for package updates that will go into the next stable point releases. The security updates will also go into the next stable point release, but the updates repository is used for more minor security issues that don’t warrant an advisory (such as some DoS issues), fixes for important or RC bugs that aren’t security issues, and updates to always-changing data like time zone information.
Software in -updates has been accepted by the stable release managers but hasn’t yet been included in a stable point release. It’s therefore less stable than the software in stable itself (fewer people have used it or looked at it), but it has been reviewed by at least one person. Whether or not to include it in your sources.list depends on your risk tolerance.
It’s now being used in place of the old volatile archive for things that need to change all the time, so if you need, say, new virus definitions or new time zone information, that’s where it will be between stable point releases.