On Fri, 07 Oct 2016, Adrian Bunk wrote: > > So while it has been used it's not the only one in use in the context > > of the security team. > > It is a different version numbering than the MySQL 5.5 case because it > is a different situation. > > This OpenJDK DSA is not a packaging of a new version for the DSA only > like MySQL 5.5, it is a backport (in this case from experimental): > https://tracker.debian.org/media/packages/o/openjdk-7/changelog-7u111-2.6.7-1~deb7u1
I believe the only reason it's maintained in experimental by the maintainer is so that the security teams can easily backport the source package. It's not in unstable because that version must not ship in stretch. So it's exactly like MySQL, we package new upstream versions of old branches for the purpose of providing them as (old)stable updates. The only difference might be that in one case the bulk of the work is done by the maintainer when in the other case the bulk of the work is done by the security team. But the technical work is the same and the resulting packages have no meaningful differences. (I think I'll stop here the discussion because I believe I have nothing new to bring on the table and we seem to rehash the same thing) Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
