Re: Role of stable suites

To: debian-release@lists.debian.org
Cc: lucas@debian.org
Subject: Re: Role of stable suites
From: Jonathan Wiltshire <jmw@debian.org>
Date: Wed, 20 Feb 2019 14:22:00 +0000
Message-id: <[🔎] 20190220142200.GA8147@powdarrmonkey.net>
In-reply-to: <[🔎] 20190220135455.fi3jm2pcbpkrudcg@xanadu.blop.info>
References: <[🔎] 20190220135455.fi3jm2pcbpkrudcg@xanadu.blop.info>

Hi,

On Wed, Feb 20, 2019 at 02:54:55PM +0100, Lucas Nussbaum wrote:
> My understanding (please correct me):
> 
> * security fixes are uploaded by the security team to debian-security

Yes.

> * non-security major fixes can be uploaded by any DD (and DM?) to
>   stable-proposed-updates

Yes. The target suite is a release codename, but dak places uploads in
a "NEW" queue from where they are accepted into stable-proposed-updates
(spu) or rejected. spu is in fact an alias for <codename>-proposed-updates.

> * the stable suite is only updated when point releases happen

Yes.

> * point releases are basically: the (stable) release team reviews
>   packages in debian-security and stable-proposed-updates, and allows
>   them to migrate to the stable suite.

The review happens in advance and buildds do their work before a point
release can be made. The release itself is (mostly) just about promoting
those packages to stable.

> Now, questions:
> 
> * what's the relation between debian-security and
>   stable-proposed-updates? Are packages from debian-security
>   automatically copied to stable-proposed-updates so that they can later
>   be included in the next point release?

Yes.

> * what's the relation between stable-proposed-updates and
>   stable-updates? Does the release team pick packages in
>   stable-proposed-updates and allow them to migrate to stable-updates?

Yes. It's a separate suite for releasing non-security updates in advance of
the point release, where urgency is required.

> * what's the role of stable-updates?
>   https://wiki.debian.org/StableUpdates says "This path will be used for
>   updates which many users may wish to install on their systems before
>   the next point release is made, such as updates to virus scanners and
>   timezone data." But there are other packages in it, such as
>   unbound/1.6.0-3+deb9u1, which is older than the version in stable. Are
>   the DNS-related packages in stable-updates there because of updates to
>   the list of root servers?

All packages in stable-updates get an announcement, in this case
https://lists.debian.org/debian-stable-announce/2017/09/msg00002.html

> * Are packages in stable-updates copied to stable when stable point
>   releases happen? (I have the impression that they aren't, but am not
>   sure)

No, policy is that packages are copied from spu to stable-updates. In other
words, packages must already be part of a forthcoming point release (just
as bugs must be fixed in unstable before a stable package is accepted).

> * What is the logic behind not cleaning stable-updates and
>   debian-security when stable point releases happen? keep things around
>   for people who only have those suites, no 'stable', in sources.list?

Yes. Apparently a very small number of people have sensitive installations
and consume only security updates, not errata.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Reply to:

Follow-Ups:
- Re: Role of stable suites
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Role of stable suites
  - From: Lucas Nussbaum <lucas@debian.org>

Prev by Date: Role of stable suites
Next by Date: libgphoto2 - fetch new upstream 3 lines code
Previous by thread: Role of stable suites
Next by thread: Re: Role of stable suites
Index(es):
- Date
- Thread