I don't know how newbie you are, so i'll explain as much as i can:
/etc/apt/sources.list is a root-only configuration file. So you'll need the root privileges in order to modify it.
On common distributions, you have to login as root on a terminal in order to edit it. To do this, open a terminal and type "su". This means "log me as root". Look at the manual ("man su") to now more.
On Ubuntu, they globalized a (smarter) system in order to have root privilege for a few time. Everything that needs root is managed by the "sudo" system which give normal users some privileges, depending on rules (you can look at the /etc/sudoers file to see these rules). As above, look at the manual ("man sudo") to now more. So in order to edit the apt sources file on Ubuntu, launch a shell and type "sudo nano /etc/apt/sources.list". Like that you say "launch the text editor 'nano' with the root privileges in order to edit the sources.list file". Of course you can change your editor with what you want: emacs, vim, gedit...
Another way to do all that (in an easier way) is to launch synaptic (which begins by asking you your password in order to have the root privileges) and to click on something like "Categories > Repositories" (sorry, my menu is in French, so i just translated it
). There you'll see the same informations than in the sources.list file but organized in a graphical interface. You can change them from here too.
Now, the apt repositories:
Doesn't matter which system you wanted to use in order to change your repositories, you'll find the same logic in each (of course, it's from the same file
)
So, the file is read line by line, one line is one repository. When there is a '#', it's a comment.
- 'deb' or 'deb-src' means that it's a repository for debian packages or source packages (it's quite obvious, isn't it ?
)
- the URL, is the URL to the root directory of the repository on the server, nothing less, nothing more... you can browse them if you want
- then there is an id for your distribution. It could be stable, testing, unstable, experimental or even woody, sarge, etch etc... You'are in testing in your case.
- and at last there is a list of which tree you want to subscribe, by default it's 'main' and in option it can be 'contrib' and/or 'non-free'. Few packages are tolerated in these extra directories, like the nvidia drivers (even if it's not still really easy to install...) or few java stuff. In general these packages aren't under the GPL license and/or aren't completely opened.
So it brings to what you need to do, just change the last line into:
deb
http://security.debian.org/ stable/updates main
And it should work fine! If not, comment it and wait few days (hours?)... it's because the server isn't sync yet.
All this stuff is because while sarge wasn't released as 'stable', they had to 'backport' the security repository, but now everything is back to normal (the security packages shouldn't be in the testing repository, it's absurd
).
For the 'contrib non-free' part... If you're a desktop user, i encourage you to use them... Debian is already unfriendly enough
But BTW i love Debian and i don't expect to change from it (and, yes, i've tried Ubuntu...
)