Debian-based distros can use package pinning to this effect, but since it is an opt-in feature for advanced users, it is not a full solution. I'm mentioning it here just for sake of completeness.
I will one thing: apt pinning[1]. It allows you to tweak the way apt choses the version to install, and allows you through a configuration text file to give higher (or lower) priority to specific releases, repository components, repositories, package names, etc.
I started using it before 2005, before backports was a thing, and it was a lifesaver for my desktops, as I usually wanted to use newer versions from testing or unstable.
... this works and is the most conveninient way to use PageKite if you are treating it as part of the OS (so always on, exposing local servers).
However, in the context of security and trust, you really should think thrice before installing 3rd party repos like mine - once you have added my repo to your OS, I can upgrade any package on your computer with whatever malicious content I want. So folks who don't trust me and my curl-bash hack really shouldn't trust this sort of solution either.
This is why getting third parties to build, package and sign my software and getting into the public repos is the "correct" solution, but doing so didn't make sense while I was rapidly iterating. Things are starting to stabalize now, so I will probably be revisiting this very soon.
You can host a dep/apt repo as a static list of files in S3. Did that myself before using reprepro to generate it, then pushed it up to S3. Nothing fancy, but it worked fine. Not sure where you got the idea is was more complicated.
I've also done it using apt-ftparchive using a simple script. Very bare bones, but easy enough.
Was looking at trying aptly next time I needed one. It looked interesting.
I don't want 3rd party repositories to manage. To do it properly I have to (in the case of Debian) trust some MS team's signing keys (yuck), add the repo and update my apt-pinning rules (I don't want apt accidentally installing MS versions of tools) and integrate this in my dev OS build automation.
That vs. adding a single line in my list of selected packages. The price to adoption is high and it's just not worth it to me, especially seeing how immature the tooling and overall ecosystem is.
Debian stable + backports is probably closest. Unfortunatelly, there are few backports. Partially, because few people use it and partially because upstream rarely cares for Debian stable.
There is something called kickseed, which is documented on the Ubuntu wiki and seems to be available in Debian too, possibly in the Debian installer as well.
Generally not into the Debian repos, though it's possible the release manage could approve it.
You can pin other releases for specific packages, though, and if this is well-designed it should have minimal other dependencies. Ideally it's simply requesting and installing a key.
https://wiki.debian.org/AptConfiguration#apt_preferences_.28...
reply