Re: Role of stable suites
Hi,
On Wed, Feb 20, 2019 at 02:54:55PM +0100, Lucas Nussbaum wrote:
> My understanding (please correct me):
>
> * security fixes are uploaded by the security team to debian-security
Yes.
> * non-security major fixes can be uploaded by any DD (and DM?) to
> stable-proposed-updates
Yes. The target suite is a release codename, but dak places uploads in
a "NEW" queue from where they are accepted into stable-proposed-updates
(spu) or rejected. spu is in fact an alias for <codename>-proposed-updates.
> * the stable suite is only updated when point releases happen
Yes.
> * point releases are basically: the (stable) release team reviews
> packages in debian-security and stable-proposed-updates, and allows
> them to migrate to the stable suite.
The review happens in advance and buildds do their work before a point
release can be made. The release itself is (mostly) just about promoting
those packages to stable.
> Now, questions:
>
> * what's the relation between debian-security and
> stable-proposed-updates? Are packages from debian-security
> automatically copied to stable-proposed-updates so that they can later
> be included in the next point release?
Yes.
> * what's the relation between stable-proposed-updates and
> stable-updates? Does the release team pick packages in
> stable-proposed-updates and allow them to migrate to stable-updates?
Yes. It's a separate suite for releasing non-security updates in advance of
the point release, where urgency is required.
> * what's the role of stable-updates?
> https://wiki.debian.org/StableUpdates says "This path will be used for
> updates which many users may wish to install on their systems before
> the next point release is made, such as updates to virus scanners and
> timezone data." But there are other packages in it, such as
> unbound/1.6.0-3+deb9u1, which is older than the version in stable. Are
> the DNS-related packages in stable-updates there because of updates to
> the list of root servers?
All packages in stable-updates get an announcement, in this case
https://lists.debian.org/debian-stable-announce/2017/09/msg00002.html
> * Are packages in stable-updates copied to stable when stable point
> releases happen? (I have the impression that they aren't, but am not
> sure)
No, policy is that packages are copied from spu to stable-updates. In other
words, packages must already be part of a forthcoming point release (just
as bugs must be fixed in unstable before a stable package is accepted).
> * What is the logic behind not cleaning stable-updates and
> debian-security when stable point releases happen? keep things around
> for people who only have those suites, no 'stable', in sources.list?
Yes. Apparently a very small number of people have sensitive installations
and consume only security updates, not errata.
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Reply to: