Re: Security fixes in debian-sid during debian 'freeze'
On Wed, Dec 03, 2025 at 19:23:11 +0000, Joe wrote:
> On Wed, 03 Dec 2025 18:57:07 +0000
> mailinglist.drool895@aleeas.com wrote:
>
> > I just wanted to know what happens to security fixes to debian
> > sid packages during debian package freeze near release? Does sid get
> > them or not?
>
> Yes. The sid distribution doesn't freeze, and in fact when testing
> freezes, this is when a huge number of new packages arrive in sid,
> which were in some way incompatible with what was frozen in testing.

First of all, sid *never* gets security updates, per se. It's not
supported by the security team. Any security fixes sid receives
are just fortuitous uploads by the regular package maintainer, usually
just a new upstream version, which may contain security fixes if the
upstream version had any.

Second, sid *does* go into a sort of quasi-freeze mode when a release
is imminent. Maintainers are asked to hold any updates to sid for a
little while, in order to ensure that nothing interferes with the
release.

Third, most people should NOT BE RUNNING SID!

Why do people do this.... :-(

> If the fixed sid packages are relevant to testing, the fix will be
> transferred. The freeze is about software versions, and does not
> prevent bug fixing of the frozen versions, which is of course the whole
> point of the freeze.

I don't think this paragraph is accurate. Packages in sid are not
cherry-picked for migration to testing. They're migrated automatically
when they meet various criteria (primarily "has been in sid for X days"
and "has no release critical bugs"). The freeze process does throw
a wrench into the works, though.