On Tue, 31 May 2022 16:13:27 +0100 Brian Potkin <claremont...@gmail.com> wrote: > On Tue 31 May 2022 at 14:58:00 +0200, Julien Cristau wrote: > > On Tue, May 31, 2022 at 02:26:39PM +0200, David Prévot wrote:
> > > The [errata] advises one to use > > > > > > deb http://security.debian.org/debian-security bullseye-security main > > > contrib non-free > > > > > > while the [release-notes] advises > > > > > > deb https://deb.debian.org/debian-security bullseye-security main > > > contrib > > > errata: https://www.debian.org/releases/stable/errata#security > > > release-notes: > > > https://www.debian.org/releases/stable/amd64/release-notes/ch-information#security-archive > > > > > The release-notes version is preferred, as far as scheme and hostname. > > There appears to be a consensus in favour of https. For example: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992692#37 In release-notes the only http:// i could find was in en/upgrading.dbk (apart from inside xmlns markup) https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/160 has just been submitted to update this to https I dont think the 'errata' page above is in the release-notes repository (?)
