Re: Are Debian packages updated within a release?

[John Crawley <john@bunsenlabs.org>]

On 18/01/2025 23:01, Andy Smith wrote:
> After a stable release of Debian is made, future package updates will
> come from the stable-updates suite (e.g. bookworm-updates in the case
> of Debian 12). These updates will in most cases contain the same version
> of the software from stable suite but with a fix for one or more
> security bugs built for it.
>
> In the concrete case of rsync as recently discussed on this list, the
> *Debian* package version as reported by dpkg would be 3.2.7-1 when it
> was originally installed from the Debian 12 release media, but would be
> updated to 3.2.7-1+deb12u2 through package updates that came via the
> bookworm-updates suite in your sources.list. All the time, the actual
> program is going to report 3.2.7 when you type "rsync --version",
> because that is what it is.
>
> When you install Debian it usually enables security updates via an
> -updates suite, so every user of stable should be getting security
> updates.

The *-updates suite is something different from security upgrades.

To get bookworm security upgrades the necessary apt line is something like:

deb  https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

The bookworm-updates suite is a channel for updates that will eventually arrive in a point release, like this from my debian-installer installed sources.list:

# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware

--
John