Synchronising with Ubuntu
On Mon, Aug 03, 2009 at 03:55:16PM +0000, Anthony Towns wrote:
> etch: 2006/12 - 2007/04 (decent hit for feisty's import freeze)
> lenny: 2008/07 - 2009/02 (decent hit for jaunty's import freeze)
>
> dapper and hardy are the two Ubuntu LTS releases so far, dapper reached
> its desktop end-of-life a couple of weeks ago. feisty hit its end-of-life
> in October last year. I'm just extrapolating from karmic's release
> schedule; I haven't checked the schedules weren't different historically.
>
> Based on that, comparing universe packages in etch-vs-feisty and
> lenny-vs-jaunty for version differences, and any differences in security
> updates could be interesting, actually.
Turns out it kind-of is, too.
First, basics:
etch: froze in December 2006, released in April 2007; still supported
feisty: DebianImportFreeze in Dec 2006, UpstreamVersionFreeze in Feb 2007,
released in April 2007; support ended October 2008
Comparison between etch/main and feisty/main+universe by source:
6874 exact same source
132 only in Debian
2273 only in Ubuntu
600 newer upstream version in Debian
1538 newer upstream version in Ubuntu
1079 Ubuntu has Vebian bersion with ubuntuXX patch
As at today (2009/08/11) etch/feisty security support compare as follows:
63 packages with security updates in both Debian and Ubuntu (11
same version, 8 where Debian has new upstram, 28 where Ubuntu has
new upstream, 16 where Ubuntu applied patches to Debian version)
5 updates in Debian to Debian only packages
7 updates in Ubuntu to Ubuntu only packages
31 updates in Debian to packages with the exact same source in Ubuntu
6 updates in Ubuntu to packages with the exact same source in Debian (!)
42 packages updated in Debian but not Ubuntu (6 where Debian has
newer upstream, 30 where Ubuntu has newer upstream, and 6 with
ubuntuXX patches)
15 packages updated in Ubuntu but not Debian (4 where Debian has
newer upstream, 6 where Ubuntu has newer upstream, and 5 with
ubuntuXX patches)
Of the 31 updates Ubuntu's missing, only one is from feisty/main,
and that lcms 1.15-1.1+etch3, which was DSA-1684-1 (etch1), DSA-1745-1
(etch2) and DSA-1745-2 (etch3), which were released on Dec 10, 2008,
March 20, 2009 and March 25, 2009; well after feisty's end of life in
October 2008.
The 6 updates it seems like should be a no-brainer for Debian to pull are:
clamcour 0.2.2-1.2+feisty2 universe/mail
dansguardian 2.8.0.6-antivirus-6.4.4.1-4build1~feisty2 universe/web
denyhosts 2.6-1ubuntu0.1 universe/net
dircproxy 1.0.5-5ubuntu0.1 universe/net
dokuwiki 0.0.20061106-6ubuntu0.1 universe/web
jasper 1.701.0-2ubuntu0.7.04 libs
The only USN I can find covering these is for jasper, namely USN-501-1.
In any event, seems like there's more room for collaboration there at
first glance.
I've half done the same analysis for lenny/jaunty; but apparently it's time
for pizza.
Cheers,
aj
Reply to: