Re: security.debian.org vs debian-lts respository

[Matus UHLAR - fantomas <uhlar@fantomas.sk>]

> > > > What about squeeze-updates (formerly volatile)?
> > > > Are they still needed?
> > > > Are security fixes applied to packages in squeeze or squeeze-updates?

> > > That question doesn't make sense. squeeze-updates is a strict 
> > > subset of squeeze (technically squeeze+o-p-u, until a point 
> > > release). There are never packages in squeeze-updates which are 
> > > not also in squeeze+o-p-u.

> > this is what I wanted to know and what I hoped for...
> > I think I have already asked about that some time ago.

On 08.10.14 13:32, Adam D. Barratt wrote:
> It's also explained in the dda mail that's linked to from every mail 
> to debian-stable-announce@lists.

hmmm I did not get this, sorry.

I was asking, when there are different packages in squeeze and
squeeze-updates (volatile), to which one are security patches applied.

[...]

> > and also others from openjdk-6 family:

> Those are all the same source package. And, no, they weren't missed.
>
> The openjdk-6 updates were unfortunately not able to be included, as 
> mentioned in 
> https://lists.debian.org/debian-announce/2014/msg00006.html (albeit 
> only by DSA reference).
>
> Specifically, because the openjdk-6 DSA packages for wheezy FTBFS on 
> some architectures, wheezy currently contains 6b27-1.12.5-1. 
> Accepting the squeeze-security packages as part of a point release 
> would have led to oldstable having a higher version of the packages 
> than stable on some architectures, which would be broken.

Is this still applicable?

We only have 2 architectures in LTS and if we want to clear security
updates, it would be good that security updates were still available...

> > ... and even the vice versa, seems (left from before last point 
> > release?)
> >
> > postgresql-client:
> >  Installed: (none)
> >  Candidate: 8.4.22-0+deb6u1
> >  Version table:
> >     8.4.22-0+deb6u1 0
> >        500 http://ftp.sk.debian.org/debian/ squeeze-lts/main amd64 
> > Packages
> >     8.4.21-0squeeze1 0
> >        500 http://ftp.sk.debian.org/debian/ squeeze/main amd64 
> > Packages
> >     8.4.20-0squeeze1 0
> >        500 http://security.debian.org/ squeeze/updates/main amd64 
> > Packages
>
> I'm unsure what you believe the issue is here - 8.4.20-0squeeze1 was 
> a security update, 8.4.21-0squeeze1 was not.

the point was just that it's apparently useless to have older version in
security updates than there's in main archive....

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.