Antoine Beaupre writes ("[Pkg-xen-devel] Bug#907835: newer version in stable"): > Source: xen > Version: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 > Severity: serious > > The version of the Xen packages in unstable and buster is lower than > the one in Debian stretch. That seems highly irregular and will > obviously break upgrades to buster. > > The reason this is marked as "serious" is because I consider this a > "severe violation of Debian policy". This would be section 3 of the > Debian policy, although it curiously does not explicitely state that > versions between different suites should be incrementing.
I agree that this is an RC bug. Fixing it by removing the packages from buster wouldn't help, though. > I still consider this a release critical bug and that new upstream > packages should first be uploaded to unstable, unless there is a > security issue (which is the case here) in which case they should be > simultaneously uploaded to both suites. The 4.8-based security updates have not been going to sid/buster for rather obscure reasons. We have packages for 4.11 in preparation, so hopefully this will become irrelevant soon. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.