On Fri, 29 Jan 2021 07:55:30 -0500, Greg Wooledge wrote: > So, your Subject as received by me, after I un-mangle it, reads something > like this: > > If some package have serious bug and fixed on > unstable and testing release, how long it will be available on stable > release? Yes, this is the email title. Sorry for long title. > The answer to this question is: however long it takes for the current > testing to become stable.If wait the current testing become stable and the current stable become old-stable. It will take very longer and the serious exploit wont be fix, if I take your sentence. It not what I understand and what I expect from Debian release since it recommend stable release for production.
> A fix to a bug in Debian 11 as testing will NEVER be backported into > Debian 10 as stable. A stable release is frozen in amber. It only > gets security fixes, or major bug fixes. Not general bug fixes.The CVE is major bug and need security fix if you read my sentence previous.
It mentioned here "At any given time, there is one stable release of Debian, which has the support of the Debian security team. When a new stable version is released, the security team will usually cover the previous version for a year or so, while they also cover the new/current version. Only stable is recommended for production use."
If I understand, It mean Buster (the current stable release) has the support of Debian security team and previous version (which mean stretch release), here. I expecting the fix also should be apply on stable. Please correct me if I read it wrong.
1. https://wiki.debian.org/DebianReleases -- Email: Robbi Nespu <robbinespu AT SPAMFREE gmail DOT com> PGP fingerprint : D311 B5FF EEE6 0BE8 9C91 FA9E 0C81 FA30 3B3A 80BA PGP key : https://keybase.io/robbinespu/pgp_keys.asc
Description: OpenPGP digital signature