On Thu, Jan 19, 2023 at 4:55 PM Paul Gevers <elb...@debian.org> wrote: > > Dear Shengjing, > > On 11-01-2023 09:32, Shengjing Zhu wrote: > > This is a point release for golang 1.19 which happens today. > > Where can I find the upstream policy on point release updates? Or, if > not documented in one place, can you describe it? Is 1.19 a bug-fix only > branch already, or are new feature appearing in point release updates > too? In other words, help us assess the risk. >
It's documented at https://go.dev/doc/devel/release#policy Yes, only bug fix. Usually there are only a few commits in each point release. > > [ Impact ] > > > > If we can be closer to upstream latest release, it will be easier to > > backport > > security patch for bookworm. > > That holds for every package, but we're now frozen, so we need to balance. > > > The history record for golang point release doesn't show regressions. > > That's good, are you talking about point release in general, or releases > to stable? For security updates in Debian stable releases, have you also > been uploading new point releases, or did you pick patches every time? > For bullseye, I uploaded the last point release of Go1.15. See https://tracker.debian.org/news/1284112/accepted-golang-115-11515-1deb11u1-source-into-proposed-updates-stable-new-proposed-updates/ It's a bit sad that upstream support is very short, which is 1 year for a major version. For Go1.19, it will EOL on 2023 Aug, which is very close to bookworm release. So I'll try to upload the last point release of Go1.19 in the 12.1 or 12.2 cycle. After that we would only backport security patches back. -- Shengjing Zhu
