# stable
deb http://ftp.de.debian.org/debian/ sarge main contrib non-free
deb-src http://ftp.de.debian.org/debian/ sarge main contrib non-free
deb http://ftp.de.debian.org/debian-non-US/ sarge/non-US main contrib non-free
deb-src http://ftp.de.debian.org/debian-non-US/ sarge/non-US main contrib non-free

# testing
deb http://ftp.de.debian.org/debian/ testing main contrib non-free
deb-src http://ftp.de.debian.org/debian/ testing main contrib non-free

# unstable
deb http://ftp.de.debian.org/debian/ unstable main contrib non-free
deb-src http://ftp.de.debian.org/debian/ unstable main contrib non-free

# security updates
deb http://security.debian.org/ sarge/updates main contrib non-free
deb http://security.debian.org/ testing/updates main contrib non-free

# sarge backports
deb http://www.backports.org/debian/ sarge-backports main

# Marillat's multimedia packages
deb http://www.debian-multimedia.org/ sarge main
deb http://www.debian-multimedia.org/ etch main

Read this first to understand what's that about:

• http://www.argon.org/~roderick/apt-pinning.html
• http://jaqque.sbih.org/kplug/apt-pinning.html

/etc/apt/preferences

Package: *
Pin: release o=Debian,a=stable
Pin-Priority: 900

Package: *
Pin: release o=Debian,a=testing
Pin-Priority: 400

Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 300

Package: *
Pin: release a=sarge-backports
Pin-Priority: 200

Package: *
Pin: release o=Debian
Pin-Priority: -1

If you get errors like this:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907

You need to add the repositories key, fetch it from a public keyserver (the keyid are the last 8 chars):

#> gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 1F41B907
#> gpg --armor --export 1F41B907 | apt-key add -