On Tue, 20 Feb 2018, Vincent Bernat wrote: > ❦ 20 février 2018 09:05 +0200, Arto Jantunen <viiru@debian.org> : > > >> Moreover, backports do not accept security patches. You can only push a > >> version in testing (or unstable). Notably, if the version in testing is > >> not easily backportable (because of new dependencies), you may wait > >> quite some time before you get a security update. > > > > Also not true. You can request an exception to this for your security > > update, but you do need to communicate about this with the backports > > team before uploading. > > Also? What was not true? The Debian Backports FAQ? > > The exception you mention is not documented. It is also likely to just be > rejected: > > http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/2017-November/002070.html > > And the backport team has been pretty clear this is not the right way to > maintain backports: > > https://lists.debian.org/debian-backports/2017/05/msg00059.html That does mean we don't want that packages are "maintained" that way in backports. For a one time security patch, you can always ask for an exception. But this is just to give the maintainer more time to update the backport with the new version from testing/unstable. So speaking as one of the backports ftpmasters: No, backports doesn't have official security support in the meaning that the team is tracking and looking after security issues in backports. Nevertheless every backporter has to care about security, we do expect that uploaders care about their packages - this does of course include security support. For some specific security problem, you can always talk with us about an (short living) exception to give the maintainer more time and keep our users save. What we don't want is people maintaining packages in that way in backports. Source of backports are testing/stable (for old-stable-backports) and in some times (security) unstable. We do expect that every package follows those suites. If a maintainer doesn't want/can this, backports is the wrong place for maintaing that package. Hope that helps Alex - Backports ftp-master
Attachment:
signature.asc
Description: PGP signature