On Thu, January 20, 2011 03:18, Paul Wise wrote: > On Thu, Jan 20, 2011 at 10:59 AM, Brian May > <br...@microcomaustralia.com.au> wrote: > >> What is policy when security updates for stable introduce new >> regressions in software that weren't there before? Can these get fixed >> in stable? > > If a stable security update contained a regression, usually that is > fixed with an update in the stable security archive. Please ping the > maintainer and CC the security team about this. You will also want to > unarchive the bug so that it can be closed again.
Indeed, if an update via stable-security introduces regressions then these will usually be fixed via a further upload to stable-security. In this case, although the update was security related, it was actually made via proposed-updates as part of the 5.0.5 point release. Much the same applies in cases such as this, however. Alerting the maintainer should be the first step, with a CC to the Release Team being appreciated. > I also wonder why the security team didn't pick this up, I guess they > don't have any automatic tracking of bugs filed against versions they > uploaded. I can't speak for the security team, but it's non-trivial for the Release Team to track all bugs filed against the version of a package in lenny and then determine whether the problem could have been introduced in a stable update. There's some great ongoing work to help ensure that RC bugs are correctly tagged and versionned to indicate whether they affect stable releases, and to help get them fixed where it's been determined that they do. For lower severity bugs, we do very much rely on maintainers and other interested parties bringing the issue to our attention. Once we're aware of the problem we're more than happy to get it fixed via a future point release; as with any such update, minimal, targetted and well tested patches are appreciated. Regards, Adam -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/9ed67fdb1a765f1a4a2a3a5cf71c58d5.squir...@adsl.funky-badger.org
