Having switched from Ubuntu to Debian Squeeze and pondering ways to combine the security of a largely stable operating system with the additional functionality afforded by individual newer software packages, I recently wondered: Apt pinning seems complicated, why not just add testing sources to sources.list and use apt-get -t testing to get whatever newer packages I need? I can now answer this question for myself: because if you are under the impression that upgrade tools like apt-get and Synaptic are aware of the “current distribution” and will never upgrade beyond that unless explicitly told so, then that impression is wrong, even if apt-get’s occasional “keeping back” packages and the name of the command to override this (dist-upgrade) may suggest it. You will thus inadvertently upgrade your whole system to a non-stable branch. And when you finally notice it, you will then, more out of a desire for purity than out of actual concern for your system’s security, use Apt pinning to try and perform a downgrade. The downgrade will fail halfway through because the pre-remove script for something as obscure as openoffice.org-filter-binfilter has an obscure problem, leaving you with a crippled system and without even Internet access to try and get information on how to resolve the issue. By this point, reinstalling from scratch seems more fun than any other option. And so I did.
Another lesson learned: Do use the first DVD to install Debian, it contains a whole lot of very useful things such as network-manager-gnome or synaptic that are not included with the CD and that are a hassle to install one by one. And there’s also a new unanswered question: why did the i386 DVD install an amd64 kernel?