Sorry for the top-post but I think it is appropriate all good advice below but returning on the initial question without advice, sid/unstable does not have a security.debian.repository so just the two deb.debian are enough.
For someone with an urge to try the latest and finest you can go to sid now and then revert to testing and brace for the tsunami. But read this example as a sample: Arch Linux Security Advisory ASA-201705-22 Severity: High Date : 2017-05-30 CVE-ID : CVE-2017-7494 Package : samba Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-279 The package samba before version 4.5.10-1 is vulnerable to arbitrary code execution. ================================ The version of Jessie is still 4.2.... stretch and sid are on 4.5.8.... in arch based distros 4.5.10 is what they call stable!! This does not mean that 4.2 may not already be patched due to this security issue on jessie. This is one package as an example. -------- Original Message -------- Subject: Re: Proper sources list from Jessie > Stretch Local Time: June 1, 2017 2:28 PM UTC Time: June 1, 2017 11:28 AM From: d...@randomstring.org To: Dejan Jocic <jode...@gmail.com> debian-user@lists.debian.org On Thu, Jun 01, 2017 at 09:19:29AM +0200, Dejan Jocic wrote: > On 01-06-17, Fjfj109 wrote: > > Hi - wondering if with a standard sources list in Jessie (or any stable): > It is usually enough to change it to stretch, if you follow it up with > all those update and upgrade commands. And read release documentation. > But it is not good to go from stable directly to unstable. If you want > to go to unstable, you first go to testing. Then, when you are sure that > everything went fine, you switch to unstable. And, you make backup of > your important data. Just in case. This is odd advice. (Not the bit about backups. Backups are always important.) Stretch will become the new stable in a few weeks. Changing to "stretch" will make that transition early, but changing to "unstable" will make that transition and then, after stretch becomes stable, will incur a lot of package churn and breakage. If this discussion happened a year ago, the question would be whether you really wanted to go to testing or to unstable. They have different purposes. -dsr- -dsr-
