How to use Extended LTS

To benefit from the security updates, you just have to configure APT to use our extended LTS repository.

Adding extended LTS repositories to APT

Installing the freexian archive GPG key

The extended LTS repositories are signed with the following GPG key:

sec   rsa4096 2018-05-28 [SC] [expires: 2025-07-18]
uid           [ultimate] Extended LTS Repository <>

To enable this key in your APT configuration, you have the following choices:

  • manually install the freexian-archive-keyring package with wget && sudo dpkg -i freexian-archive-keyring_2020.09.19_all.deb
  • manually fetch the key with sudo wget -O /etc/apt/trusted.gpg.d/freexian-archive-extended-lts.gpg

You might want to double check that the key fingerprint outputted by apt-key finger matches the one shown above.

sources.list entries for APT

For Debian 8 jessie

Here’s what you should put in /etc/apt/sources.list.d/extended-lts.list:

deb jessie-lts main contrib non-free

Note that this repository only contains the security updates, not all packages from Debian 8. If you want all packages from Debian 8, you should keep another repository pointing to a Debian 8 mirror.

We do provide a repository combining all Debian 8 packages and our security updates, but please use it only for small setups:

deb jessie main contrib non-free

Be nice, use local mirrors/caches

There are currently no mirrors of this service and it runs on a single dedicated server. If you have many machines to keep secure, please make a local mirror (or use some cache) and point your machines to your local mirror (or cache) instead of pointing them to the repositories provided by Freexian.