Ricardo Campos corez23@linuxmail.org wrote:

I have security.debian.org in my sources.list, but apt-get upgrades rarely downloads anything. Surely more vulnerabilities exist? Am I missing something?

Are you running stable? Many reported vulnerabilities do not exist in stable (because it's, er, stable and quite well-tested). If you're running testing, don't get people started about security and testing... ;-)

"Ricardo Campos" corez23@linuxmail.org writes:

I just had a thought- I still get updates from Redhat about vulnerablilities on their system- often 2 or 3 a week. And I was wondering- how come I don't keep having updates for Debian?

I have security.debian.org in my sources.list, but apt-get upgrades rarely downloads anything. Surely more vulnerabilities exist? Am I missing something?

stable is *old*. It's missing pretty much every bug introduced anywhere in about the last two years, a luxury that any more recent distribution doesn't have.

(Of course, it's also missing most features introduced in anything during the last two years.)

If you're not running stable - well, security.d.o doesn't have updates for testing and unstable.

[Text reformatted - get a decent mailer!]