On Sun 28 Dec 2025 at 14:32:52 (-0500), Ray and Sandie Clark for Biz wrote: > I think this amounts to what might be called bugs or mistakes in the > structuring of the archive.debian.org and deb.debian.org repositories > for bullseye, bookworm, and trixie, but I am thinking that I should > start here to get some feedback. > > The detailed structure and what I see as wrong is below (Questions > embedded in the detail are marked with an *), but at a high level : > > * Bullseye appears under both archive.debian.org and deb.debian.org, > and the deb version is missing bullseye-backports. I do not have the > capability to compare them, and I don't know which I should use or if > I should list both! Bullseye security information is only in deb, > whereas buster is only in archive (Which seems appropriate for an old > release, which bullseye is also). > > * While buster debian-security patches are in dist/buster/update > subdirectory, bullseye patches are in dist/bullseye-security directly > while ALSO having an updates subdirectory with apparently the same > content that is in its parent. The updates folder behaves like a link > to its parent, recursively showing all the same content and a new > updates folder at the new (lower) level.
Effectively, buster is dead, hence its transfer to archive.d.o. I wasn't aware that some bullseye was in the archive, but it seems reasonable to copy it there as it's past its EOL. However, it can't be removed from deb.d.o yet because people (like me) are still using it, as oldoldstable. Long Term Support continues until 31 Aug 2026. I've had 14 occasions to upgrade bullseye this month, including one kernel image. For people not in the habit of using oldoldstable, archive.d.o might seem the most logical place to look first for an old bullseye package. > * If I point to this bullseye-security folder will apt do something > dysfunctional due to the recursive folder? No. There's nothing wrong with a directory containing a link to itself. You'll see why it's there in what's below … > * Bookworm and Trixie have the same structure as bullseye, including > the recursive folder. > > Ultimately I want to develop sources.list and mirror.list files that > will work correctly so that I can efficiently install repetitively for > tests. These references may help: https://wiki.debian.org/SourcesList ¹ https://www.debian.org/mirror/ftpmirror > * Bullseye appears under both archive.debian.org and deb.debian.org. > Not being the current release, I expected it all to be in archive. As explained above: bullseye is still active. > * If this is a duplicate of what is in archive, why is Bullseye-backports > missing? > * If this is not a duplicate, what is it? I would very much doubt that the LTS maintainers want to maintain backports. I don't think they maintain the entire suite anyway. > * Which is correct? Which should I use? archive, deb, or list both? If you're writing a sources.list, deb.d.o. > * "updates" is a subdirectory containing everything > in its parent directory. > * Comparing this to the Buster structure, the updates folder > would exist and have the contrib/main/non-free/non-free-firmware. The updates folder /did/ exist in buster, but it was discontinued from bullseye on: Sources.list in buster: deb http://security.debian.org/debian-security buster/updates main contrib non-free and in bullseye: ¹ deb http://security.debian.org/debian-security bullseye-security main contrib non-free If you're used to navigating to somewhere like: security.d.o/debian-security/dists/buster/updates/main and now you navigate to: security.d.o/debian-security/dists/Bullseye-security/updates/main the updates link ensures you end up where you expected to (Principle Of Least Surprise). > Bookworm and Trixie do not appear under archive.debian.org/debian/dists EOL is not until 10 Jun 2026 for bookworm. ¹ Note that there's a new format for sources files, variously called debian.sources, deb822, or Debian RFC822 format, not supported by buster, and recommended for trixie on. (It's in the wiki.) Cheers, David.
