Fwd: Libreoffice 6.3.5/6?
On Wed, 4 Dec 2019, Thorsten Glaser wrote:
>
> On Wed, 4 Dec 2019, pk wrote:
>
> > - Delay the upload of 6.4.0 long enough that 6.3.5 gets into backports
> > and can be installed?
>
> The backport then MUST be upgraded to the version 6.4.0 once
> it’s in testing, so you’d not gain any security guarantees.
Security would not be an issue, because
- apt-mark hold is necessary anyway, to prevent the update to .0.
- Few, if any, security fixes are released for minor updates that
follow .0 after 6/8 months (which is roughly .5/.6), according to the
wiki's "list of fixed bugs compared to the previous version" (example
[1]).
- As a desktop user, without the complex data exchange requirements of
an office, I have separate user accounts for work, personal and
random/untrusted stuff, which makes non-root LO unusable as an attack
vector.
> > - Or have a separate package libreoffice-3.6 in backports, to be
> > removed from the repo when it's EOL upstream, and kept locally with
>
> No, only things that are in testing *and* are intended to be
> shipped in the next stable are allowed in backports.
>
> Backports are a thing you use when you want “what’ll be shipped
> in the next Debian stable” on the current stable already. They
> are not an arbitrary packaging mechanism.
I see. Thanks for clarifying.
[1]: https://wiki.documentfoundation.org/Releases/6.2.8/RC1
thanks
Reply to: