The pinning would be a file named, say, reluctant-ceres in /etc/apt/preferences.d/ with perhaps the foolwing content:

Package: *
Pin: release n=ceres
Pin-Priority: 90

Adding to sources could be, say, two lines in the file /etc/apt/sources.list with something like the following in it:

deb http://deb.devuan.org/merged ceres main
deb-src http://deb.devuan.org/merged ceres main

Following that preparation, you would first apt-get update and then selectively install by including the desired ceres version code, for example, for that openvpn, you may have:

apt-get install openvpn=2.7.1-1devuan1

The pinning will make it remain so that nothing gets installed from ceres "automatically", ever; including even updates of installed ceres packages. It must all be by hand. If the desired package requires a ceres version of something else, then apt will tell that and refuse installation.

Further, if you want to roll back a ceres package, you again install the package with the desired version code. Doing so will downgrade that package to the indicated version code. Always use apt-cache policy openvpn (or whichever package is concerned) to see which versions you, with your sources, have available for installation (or upgrade or downgrade).

hth, Ralph.

https://backports.debian.org/trixie-backports/overview/

To add the backports repository:

https://www.devuan.org/os/packages#add- … default-no

And to install the package:

https://dev1galaxy.org/viewtopic.php?pid=27079#p27079

first question: once version 2.7 makes it to freia will it ever be back-ported?

relatedly, is there a way to check which packages are in the process of being back-ported?

second question: is there a best-practice for adding a single package from testing to stable?

my initial thought is to download the .deb and install via dpkg -i, overwriting the installed openvpn files. i would prefer to keep the existing version, 2.6.14-1+deb13u1devuan, and have the version 2.7 openvpn as a second option. is that doable?