Package: harden-doc
Version: 3.11
Severity: normal

Hi!

Section 10.1.4 _Security support for the testing branch_[1] states:

| Users willing to take advantage of this support should add the
| following lines to their /etc/apt/sources.list (instead of the
| lines described in Execute a security update, Section 4.2):
| 
|    deb http://secure-testing.debian.net/debian-secure-testing 
etch/security-updates main contrib non-free
|    # This line makes it possible to donwload source packages too
|    deb-src http://secure-testing.debian.net/debian-secure-testing 
etch/security-updates main contrib non-free

This suggestion refers to the secure-testing.debian.net
repositories, which are now obsolete.
According to the latest DTSA[2], testing-security updates are now
provided by security.debian.org:

| To use the Debian testing security archive, add the following lines
| to your /etc/apt/sources.list:
| 
| deb http://security.debian.org/ testing/updates main contrib non-free
| deb-src http://security.debian.org/ testing/updates main contrib non-free

See also the announcement of the repository switch[3] for further
details.

I think that this information should be fixed ASAP, since users who
do what is currently suggested by section 10.1.4 (that is to say,
use secure-testing.debian.net) will miss any testing-security update
issued after June 2006.
And this does *not* sound good...  ;-)


[1] 
http://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html#s-security-support-testing
[2] 
http://lists.alioth.debian.org/pipermail/secure-testing-announce/2007-March/000033.html
[3] 
http://lists.alioth.debian.org/pipermail/secure-testing-announce/2006-May/000029.html


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to