This quote excerpted from:
apt_preferences(5) - Linux man page with some of my own highlighting. I believe it must be pertinent to Pobega's issue.
TRACKING TESTING OR UNSTABLE
The following APT preferences file will cause APT to assign a high priority to package versions from the testing distribution, a lower priority to package versions from the unstable distribution, and a prohibitively low priority to package versions from other Debian distributions.
Package: *
Pin: release a=testing
Pin-Priority: 900
Package: *
Pin: release a=unstable
Pin-Priority: 800
With a suitable sources.list(5) file and the above preferences file, any of the following commands will cause APT to upgrade to the latest testing version(s).
apt-get install package-name
apt-get upgrade
apt-get dist-upgrade
******
The following command will cause APT to upgrade the specified package to the latest version from the unstable distribution. Thereafter, apt-get upgrade will upgrade the package to the most recent testing version if that is more recent than the installed version, otherwise, to the most recent unstable version if that is more recent than the installed version.
apt-get install package/unstable
That kind of repeats previous conversation that once a package is installed by name from Unstable, it will continue to update from Unstable unless Testing has a version newer than the one already installed. Thus, Pobega's packages upgrading from Unstable must have been originally installed from there.
More from the man page:
HOW APT INTERPRETS PRIORITIES
Priorities (P) assigned in the APT preferences file must be positive or negative integers. They are interpreted as follows (roughly speaking):
P > 1000
causes a version to be installed even if this constitutes a downgrade of the package
990 < P <=1000
causes a version to be installed even if it does not come from the target release, unless the installed version is more recent
500 < P <=990
causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
100 < P <=500
causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
0 < P <=100
causes a version to be installed only if there is no installed version of the package
P < 0
prevents the version from being installed
This suggests that Pobega can stop the updates from Unstable by lowering the priority section:
Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 300
to
Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 50
That, of course, triggers the potential problem discussed in the original thread regarding security issues. Presumably, though, a critical security update would make it into Testing in a timely manner ... if the package exists in Testing.
*********
*********
All of this is to suggest that I now believe I understand "pinning" well enough to recommend the following generic apt.preferences file in the original Howto:
Assuming that the Default release is Testing, and Unstable is included in the sources.list file, add this line to /etc/apt/apt.preferences:
Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 100
Does that seem reasonable to those of you having some experience with "pinning?"