On Thu, Apr 6, 2017 at 7:22 AM, Russell Stuart wrote: > Anyway, this discussion prompted me to get off my bum and look at why > unattended-upgrades wasn't working. Turns out the default install has > "label=Debian-Security", and all these laptops are running testing. I > guess the assumption that people running testing have the wherewithal > to configure their machines properly isn't unreasonable.
Theoretically security.d.o does support security upgrades for testing but in practice those happen via unstable. To get security upgrades from unstable and everything else from testing, I pin testing > unstable and use a script to pin security upgrades based on the output of debsecan. The script is available in this mail: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725934#20 Needs this setup also: ln -s /var/lib/debsecan/apt_preferences /etc/apt/preferences.d/debsecan -- bye, pabs https://wiki.debian.org/PaulWise
