Head_on_a_Stick wrote:Did you actually read Garry's posts? There is no coverage at all for the testing branch from the Security Team and there never will be.
Furthermore because of the transition delay from sid any vulnerabilities may remain exposed for up to two weeks after upstream fixes are issued so Debian testing is probably one of the least secure GNU/Linux distributions available.
So I misunderstood ? Yes, I noticed following quote.This is my understanding, if I use debian-security buster/updates, I will get security update timely, if I keep with bullseye-security for some months, I won't get security upate, but it's possible to get security upate some months later, but delays may occur.I run debian as daily uses, so lags are accepted. Oh, I think I made a big mistake.
GarryRicketson wrote:there is a minimum two-day migration delay, and sometimes security fixes can be held up by transitions. The Security Team helps to move along those transitions holding back important security uploads, but this is not always possible and delays may occur. Especially in the months after a new stable release, when many new versions are uploaded to unstable, security fixes for testing may lag behind.
GarryRicketson wrote:Please note that security updates for "testing" distribution are not yet managed by the security team. Hence, "testing" does not get security updates in a timely manner. You are encouraged to switch your sources.list entries from testing to buster for the time being if you need security support.