On Fri, 29 Jan 2021 07:55:30 -0500, Greg Wooledge wrote: > So, your Subject as received by me, after I un-mangle it, reads something > like this: > > If some package have serious bug and fixed on > unstable and testing release, how long it will be available on stable > release? Yes, this is the email title. Sorry for long title.
> The answer to this question is: however long it takes for the current > testing to become stable.If wait the current testing become stable and the current stable become old-stable. It will take very longer and the serious exploit wont be fix, if I take your sentence. It not what I understand and what I expect from Debian release since it recommend stable release for production.
> A fix to a bug in Debian 11 as testing will NEVER be backported into > Debian 10 as stable. A stable release is frozen in amber. It only > gets security fixes, or major bug fixes. Not general bug fixes.The CVE is major bug and need security fix if you read my sentence previous.
It mentioned here[1] "At any given time, there is one stable release of Debian, which has the support of the Debian security team. When a new stable version is released, the security team will usually cover the previous version for a year or so, while they also cover the new/current version. Only stable is recommended for production use."
If I understand, It mean Buster (the current stable release) has the support of Debian security team and previous version (which mean stretch release), here. I expecting the fix also should be apply on stable. Please correct me if I read it wrong.
1. https://wiki.debian.org/DebianReleases -- Email: Robbi Nespu <robbinespu AT SPAMFREE gmail DOT com> PGP fingerprint : D311 B5FF EEE6 0BE8 9C91 FA9E 0C81 FA30 3B3A 80BA PGP key : https://keybase.io/robbinespu/pgp_keys.asc
OpenPGP_0x0C81FA303B3A80BA_and_old_rev.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
