[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security.debian.org vs debian-lts respository

Sorry for bringing this again, but...


On 08.10.14 13:32, Adam D. Barratt wrote:

Those are all the same source package. And, no, they weren't missed.
The openjdk-6 updates were unfortunately not able to be included, as mentioned in https://lists.debian.org/debian-announce/2014/msg00006.html (albeit only by DSA reference).
Specifically, because the openjdk-6 DSA packages for wheezy FTBFS on some architectures, wheezy currently contains 6b27-1.12.5-1. Accepting the squeeze-security packages as part of a point release would have led to oldstable having a higher version of the packages than stable on some architectures, which would be broken. 


On 2014-10-08 15:07, Matus UHLAR - fantomas wrote:

Is this still applicable?

We only have 2 architectures in LTS and if we want to clear security
updates, it would be good that security updates were still available...


On 08.10.14 17:01, Adam D. Barratt wrote:
Updating openjdk-6 in LTS to a version > 6b27-1.12.5-1 will still cause the same problem, yes. I haven't checked the archive constraints for -lts, but certainly having it contain more recent packages than wheezy would at the very least break the principle of least surprise. 

this would cause problems only when updating from squeeze with security
updates to wheezy without security updates...  is that still an issue?

and to get back to the old point of this thread:

there are still people having installed packages from squeeze/updates,
if they remove this repository from sources.list, they will have unknown
version installed, which is not nice thing...


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]
Reply to: