[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: maintaining debian-security-support in stable, oldstable (and oldoldstable)

On Sun, May 31, 2020 at 05:13:02PM +0200, Chris Hofstaedtler wrote:
> > i just dont think releasing d-s-s updates via point releases makes sense.
> > and often they also dont warrant a security/lts update as they come with
> > DSAs/DLAs and mostly the d-s-s updates are based on DSA/DLAs and thus such
> > DSA/DLAs would just refer to the other ones.
> May I ask you to expand on "why" a little bit, please?

because following point releases *and* keeping the versions always in
correct order means that d-s-s in jessie can only be updated once d-s-s
in stretch has been updated, which needs to wait for the next buster pointrelease.

Right now d-s-s in unstable and sid has information about EOL of unbound in
stretch. (which is not in the d-s-s package in neither buster nor stretch.)

And while I could certainly handle this with (more or less) complicated 
branches, I wouldnt know which (date based) version number I'd use, except
to resorting to updating the date-based version number to the current date
and breaking ordering.

*Maybe* the right fix for that versioning problem is to change the versioning
scheme and go for 0:11~20200611 for bullseye and 0:10~20200611+deb10u3 for
buster (etc). - that would require simple branches and would keep the
date in the version while making it meaningless for the ordering. Just not
sure whether this warrants introducing an epoch.

> Personally I don't know about the process for when d-s-s gets
> updated. 

There's basically none. I'd like to establish one.


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature

Reply to: