Hi,

Thanks to adsb's comment on IRC, let me give a bit more info.

FYI, between 3.5.0 and 3.5.4, there are 160+ commits, which indeed makes it impossible to review.

However, in the OpenVSwitch world, whenever a new upstream release is cut, in this case 3.5, a new branch is created, and it receives only bugfixes. Upstream release 3.5.4, compared to 3.5.0, is only a bugfix release of 3.5, and contains no additional features.

Also, openvswitch contains an extensive set of unit tests that run at build time. Also, in my experience in production, running the latest point release is always preferred, as it contains numerous bugfixes.

All of this makes me very confident that using 3.5.4 for the update in Trixie is the way to go. Not only does it contain bugfixes only, but it is also well tested.

If the release team decides it's not a good idea to upgrade Trixie to 3.5.4, I'll still feel like it's the wrong choice, but I'll understand it's too hard to review, and I'll try to do a cherry-pick of the CVE fix anyways.

Please let me know one direction or another.

Cheers,

Thomas Goirand (zigo)
