2018-01-23 15:58 GMT+01:00 Sandro Tosi <mo...@debian.org>: > point releases usually include all the security updates from the > previous point release, so they would come from the "main" repo and > not the security one
That would only be a problem if they are then no longer available via the security update channel. Otherwise the security source is still listed? > (also apt-cache policy would require to have the > security.d.o source, which is not necessarily the case on every single > machine) You are right that there is no perfect solution. Could matching on "/updates" in the suite part of the source line be a "good enough" heuristic?
