[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to handle an update that includes a regression fix and a new fix?

Thanks Ola and Emilio both for the helpful pointers.



On Tue, Dec 15, 2020 at 12:30:17PM +0100, Emilio Pozuelo Monfort wrote:
> On 15/12/2020 02:16, Roberto C. Sánchez wrote:
> > I am curious if there is a policy or best practice for how to handle a
> > package update containing both a regression fix and also a fix for a new
> > vulnerability.
> > 
> > If such a thing is not advisable or permissible, then is it best to
> > handle the regression as one update and then follow-up with the new
> > vulnerability fix as a subsequent update?
> Just one update, and one announcement as a new DLA (-1) mentioning the
> regression fix. See e.g.
> https://lists.debian.org/debian-security-announce/2020/msg00139.html
> https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html
> https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Roberto C. Sánchez

Reply to: