On 8 April 2014 02:48, Jonathan Landis <[email protected]> wrote: > > Package: cloud.debian.org > > The heartbleed bug has created a situation in which servers must be upgraded immediately. At the moment the default mirrors listed in the Debian Wheezy AMI image don't have the patches yet, but security.debian.orgdoes. So users of the existing image have to update sources.list on each of their servers if they want to get patched ASAP. > > Is there any reason not to include security.debian.org in sources.list by default? > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: https://lists.debian.org/[email protected] >
> Is there any reason not to include security.debian.org in sources.list by default? Not really. There is a hanging PR at https://github.com/andsens/bootstrap-vz/pull/33 It's hanging because I never got an answer to my question: What's the difference between: http://security.debian.org/ wheezy/updates ... and http://http.debian.net/ wheezy-updates ... ? I am pretty sure only the first one should be there, but I can't for the life of me figure out why wheezy-updates was added. Is it a bogus source? The source is here<https://github.com/andsens/bootstrap-vz/blob/399dfa3fa0bc792fb1b8adc633a9e5fefe3b05d7/bootstrapvz/common/tasks/apt.py#L31> .
