Rationale for severity important: As soon as Debian releases next stable, debsecan will be broken for everyone tracking testing target instead of lenny. In automated environments, this can lead to serious issues. The rationale is pretty much the bug report. You can use etch, lenny, sid as --suite targets, but stable, testing, unstable are not possible. Thanks for your efforts maintaining debsecan:) Richard
Perhaps we can hit a mirror README (e.g. http://http.us.debian.org/debian/dists/README) and parse out the stable/testing/unstable/experimental -> suite mappings? Or is there a canonical way to do so?
It has now been 10 years. I will work on this if someone can suggest a way to deterministically map stable/testing to suite names.
Dear Nye Liu /usr/lib/os-release does have enough informations to read the current suite name of the installed system. PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" and running a single command like "apt search base-files" will give you the information if it is oldstable, stable, testing or something else. Example: apt search base-files Sortierung... Fertig Volltextsuche... Fertig base-files/oldstable,now 10.3+deb10u10 amd64 [installiert] Debian base system miscellaneous files oldstable is in the line base-files/oldstable. If you combine both, you will know the stable/testing to suite name mapping of the current installed system. I hope this helps. Best Regards Oliver