On Sat, 16 Apr 2022 at 10:15, Peter J. Holzer <hjp-pyt...@hjp.at> wrote: > It doesn't (or at least you can't conclude that from the evidence you > posted). > > There is a subdirectory called "debian" in the build directory of every > .deb package. This is true on Debian, Ubuntu and every other > distribution which uses the .deb package format. This directory is > required by the build tools and it contains all the data (e.g. build > instructions, dependencies, patches, description, extra documentation) > which was added by the packager. The name of the directory does not > imply that any of the files there was created by Debian. I have built > quite a few packages myself and I'm not a member of the Debian team.
Actually I don't care if the package was made by Debian. I'm sure that it does not, since the Ubuntu packages have other terminology in versions. For example, the git package is version 2.17.1-1ubuntu0.10 The important fact is that I suppose it's quite evident that the Ubuntu team uses Debian patches to release their security updates, since the release notes are public and worldwide, made by a professional company, they are not made by an amateur. Furthermore I checked all the security updates my system released when we started this discussion, and all of them have release notes that contain information about security patches made by Debian. Only the security updates have these infos. Is it an amazing coincidence? I suppose no. Furthermore, you didn't answer my simple question: why does the security update package contain metadata about Debian patches, if the Ubuntu security team did not benefit from Debian security patches but only from internal work? I suppose I have to answer myself: because the patch applied by Ubuntu _is_ actually a Debian patch. The more interesting fact is that I checked all the security updates and it seems they are only applications of Debian patches. So it seems that the work of the Ubuntu security team is only to apply Debian security patches. If so, probably Debian is really more secure than Ubuntu, since I don't know if all the security patches made by Debian are applied. -- https://mail.python.org/mailman/listinfo/python-list
