[ckuehl]

Just want to emphasize (and this is not directed specifically at you): you almost certainly shouldn't run Debian testing on anything that is public-facing. Packages get migrated to testing after some days in unstable if no high-priority bugs are filed against them during the days after their upload.

If a security patch is uploaded to unstable today, you won't get it in testing for a few days, and possibly many more if the migration gets blocked.

https://www.debian.org/devel/testing

[g1n016399]

You can install security updates from unstable using the output of debsecan:

apt-get -t unstable install $(debsecan --suite sid --format packages --only-fixed)

[ckuehl]

Just keep in mind that unstable is not guaranteed to get security fixes promptly, either. The Debian Security Team only handles supported releases.

The Security Team FAQ is a good read: https://www.debian.org/security/faq#unstable

It's quite explicit in saying that if security is important to you, then you should run a supported release.