On 2014-10-08 15:07, Matus UHLAR - fantomas wrote:
What about squeeze-updates (formerly volatile)?
Are they still needed?
Are security fixes applied to packages in squeeze or
squeeze-updates?
That question doesn't make sense. squeeze-updates is a strict subset
of squeeze (technically squeeze+o-p-u, until a point release). There
are never packages in squeeze-updates which are not also in
squeeze+o-p-u.
this is what I wanted to know and what I hoped for...
I think I have already asked about that some time ago.
On 08.10.14 13:32, Adam D. Barratt wrote:
It's also explained in the dda mail that's linked to from every mail
to debian-stable-announce@lists.
hmmm I did not get this, sorry.
I was asking, when there are different packages in squeeze and
squeeze-updates (volatile), to which one are security patches applied.
It's easier if we stop talking about squeeze-updates.
The real question is "if there are different packages in squeeze and
squeeze-proposed-updates, to which one are security patches applied" and
the obvious answer is squeeze-proposed-updates, as that's what will
become squeeze at the next point release. (If the package in -updates is
newer than squeeze, then it is either the same as or older than the
package in proposed-updates; if the package in -updates is the same or
older than squeeze then it's irrelevant).
[...]
and also others from openjdk-6 family:
Those are all the same source package. And, no, they weren't missed.
The openjdk-6 updates were unfortunately not able to be included, as
mentioned in
https://lists.debian.org/debian-announce/2014/msg00006.html (albeit
only by DSA reference).
Specifically, because the openjdk-6 DSA packages for wheezy FTBFS on
some architectures, wheezy currently contains 6b27-1.12.5-1. Accepting
the squeeze-security packages as part of a point release would have
led to oldstable having a higher version of the packages than stable
on some architectures, which would be broken.
Is this still applicable?
We only have 2 architectures in LTS and if we want to clear security
updates, it would be good that security updates were still available...
Updating openjdk-6 in LTS to a version > 6b27-1.12.5-1 will still cause
the same problem, yes. I haven't checked the archive constraints for
-lts, but certainly having it contain more recent packages than wheezy
would at the very least break the principle of least surprise.
... and even the vice versa, seems (left from before last point
release?)
postgresql-client:
Installed: (none)
Candidate: 8.4.22-0+deb6u1
Version table:
8.4.22-0+deb6u1 0
500 http://ftp.sk.debian.org/debian/ squeeze-lts/main amd64
Packages
8.4.21-0squeeze1 0
500 http://ftp.sk.debian.org/debian/ squeeze/main amd64
Packages
8.4.20-0squeeze1 0
500 http://security.debian.org/ squeeze/updates/main amd64
Packages
I'm unsure what you believe the issue is here - 8.4.20-0squeeze1 was a
security update, 8.4.21-0squeeze1 was not.
the point was just that it's apparently useless to have older version
in
security updates than there's in main archive....
Ah, okay. That's been the case for $ever though - packages aren't
removed from security just because they've been superseded in the main
archive.
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/d89b35e3fc157912e5209aaa1caad...@mail.adsl.funky-badger.org
