A popular dev culture these days is built on always pulling in the latest library #updates whenever possible. There can be good reasons to do that, but new library code must still be reviewed. Or at least, confirm that the maintainers have been doing that, and still are. If you've ever been through a code audit, it becomes crystal clear that dependencies are part of the #security profile. #Debian provides another layer of review. I use deps from Debian and review when updating packages, to share.
@eighthave Lock a version and risk going out of date, or pull latest and break or pull in something nasty.
Damned if you do, damned if you don't (not suggesting either way is better).