Control: tag -1 moreinfo

Hi,

On Wed, Mar 06, 2019 at 11:51:45PM +0100, Hector Oron wrote:
> OK, I tried, and to be honest, stable isn't perfect either, since
> distro lifecycle is longer than application support, so not allowing
> newer upstream versions in stable is problematic security wise in the
> long term. open-build-service is not the only one in this category,
> there are many packages in the same situation and it'd be nice to find
> a common solution for all those.

What is upstream's approach to stable security updates like? How long is a
stable series maintained? Is it realistic to cherry-pick fixes from new
upstream releases for buster's lifetime?

New upstreams in stable aren't a problem in themselves, but when not all
new upstream releases are suitable (e.g. mixing bug fixes and features) the
effect can be to block further releases, and make fixing high severity bugs
harder.

-- 
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51