Issue
I'm running postgres 9.0 on squeeze which I installed by temporarily adding backports.debian.org to source.list.
Our IT policy is to only patch from security.debian.org and i'm wondering if patches for this package will appear there, or if i have to also include backports.debian.org.
I would prefer not to include backports because it includes non-security updates for several other packages that i have installed.
Any advice from other debian admins out there would be greatly appreciated. Thanks in advance!
Solution
No, you have to update them from backports.debian.org. You can subscribe for example to the debian backports announce mailing list to be informed of normal and security updates and then decide if you want to install that update. You can close create your won repository with just security-related updates and use that as a source for your servers.
http://backports-master.debian.org/FAQ/
Q: Is there security support for packages from backports.debian.org?
A: Unfortunately not. This is done on a best effort basis by the people who track the package, usually the ones who originally did upload the package into backports. When security related bugs are fixed in Debian unstable the backporter is permitted to upload the package from directly there instead of having to wait until the fix hits testing. You can see the open issues for squeeze-backports in the security tracker (though there may be false positives too, the version compare isn't perfect yet)
Answered By - Marki555 Answer Checked By - Mary Flores (WPSolving Volunteer)