Re: Security updates to wheezy-backports vs. -sloppy

To: Colin Watson <cjwatson@debian.org>
Cc: debian-backports@lists.debian.org
Subject: Re: Security updates to wheezy-backports vs. -sloppy
From: Christian Hofstaedtler <zeha@debian.org>
Date: Mon, 18 Jan 2016 12:16:31 +0100
Message-id: <[🔎] 20160118111630.GA30722@percival.namespace.at>
In-reply-to: <[🔎] 20160117174201.GA14438@riva.ucam.org>
References: <[🔎] 20160117174201.GA14438@riva.ucam.org>

* Colin Watson <cjwatson@debian.org> [160117 18:42]:
> Mainly I just want to confirm that it's OK to cherry-pick security
> patches in this way, rather than the alternative of telling
> wheezy-backports users that they have to use wheezy-backports-sloppy to
> get security fixes.

The contribute instructions[1] (in my reading) explicitly allow this:

"Of course there are some exceptions: Security updates. If your
package had a security update you can upload a new backport even if
its not yet in testing."

Obviously care neds to be taken to not break the upgrade path / version
numbering scheme.

I'd base the wheezy-backports upload on the jessie-security
version, but you'd know best what to base your upload on.

[1] http://backports.debian.org/Contribute/

-- 
 ,''`.  Christian Hofstaedtler <zeha@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-

Reply to:

References:
- Security updates to wheezy-backports vs. -sloppy
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: linux-image 4.3.3 bcache stability patches
Next by Date: Re: linux-image 4.3.3 bcache stability patches
Previous by thread: Re: Security updates to wheezy-backports vs. -sloppy
Next by thread: Security bug in Linux kernel
Index(es):
- Date
- Thread