On Thu, January 20, 2011 03:18, Paul Wise wrote:
> On Thu, Jan 20, 2011 at 10:59 AM, Brian May
> <brian@microcomaustralia.com.au> wrote:
>> What is policy when security updates for stable introduce new
>> regressions in software that weren't there before? Can these get fixed
>> in stable?
>
> If a stable security update contained a regression, usually that is
> fixed with an update in the stable security archive. Please ping the
> maintainer and CC the security team about this. You will also want to
> unarchive the bug so that it can be closed again.

Indeed, if an update via stable-security introduces regressions then these
will usually be fixed via a further upload to stable-security. In this
case, although the update was security related, it was actually made via
proposed-updates as part of the 5.0.5 point release.
Much the same applies in cases such as this, however. Alerting the
maintainer should be the first step, with a CC to the Release Team being
appreciated.

> I also wonder why the security team didn't pick this up, I guess they
> don't have any automatic tracking of bugs filed against versions they
> uploaded.

I can't speak for the security team, but it's non-trivial for the Release
Team to track all bugs filed against the version of a package in lenny and
then determine whether the problem could have been introduced in a stable
update.