On 30/12/2019 21:18, Dennis Lee Bieber wrote:
> On Sun, 29 Dec 2019 11:07:42 +0100, "R.Wieser" 
> declaimed the following:
>
>> Dennis,
>>
>>> Relying upon copies of  some downloaded .DEB files puts
>>> one at risk of having packages missing security updates.
>>
>> In my case that would most likely not be a problem, as I tend to keep my Pi
>> offline.
>>
>> But ... Do you know how to have the Pi check if certain /security/ updates
>> are of interrest (to my current installation) ?   And I do mean security
>> updates only.
>>
>
>  Unfortunately, Raspberry-Pi foundation doesn't separate them -- all
> packages are under a single repository
>
> pi@rpi3bplus-1:~$ cat /etc/apt/sources.list
> deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free
> rpi
>
>  In contrast, purer Debian actually has some separation between core,
> updates, and security, and commenting out the first two would likely leave
> only security updates to be found by apt update.
>
> debian@beaglebone:~$ cat /etc/apt/sources.list
> deb http://deb.debian.org/debian stretch main contrib non-free
>
> deb http://deb.debian.org/debian stretch-updates main contrib non-free
>
> deb http://deb.debian.org/debian-security stretch/updates main contrib
> non-free
>
>  Obviously not of use when the foundation builds its own binaries (due
> to variations in hardware, the foundation builds with a different floating
> point instruction set from what Debian itself uses).
>
>
If it's not online why do you need security updates?
Where's the attack vector for an air-gapped system?

--- SoupGate-Win32 v1.05