Hi, On Wed, Feb 20, 2019 at 02:54:55PM +0100, Lucas Nussbaum wrote: > My understanding (please correct me): > > * security fixes are uploaded by the security team to debian-security
Yes. > * non-security major fixes can be uploaded by any DD (and DM?) to > stable-proposed-updates Yes. The target suite is a release codename, but dak places uploads in a "NEW" queue from where they are accepted into stable-proposed-updates (spu) or rejected. spu is in fact an alias for <codename>-proposed-updates. > * the stable suite is only updated when point releases happen Yes. > * point releases are basically: the (stable) release team reviews > packages in debian-security and stable-proposed-updates, and allows > them to migrate to the stable suite. The review happens in advance and buildds do their work before a point release can be made. The release itself is (mostly) just about promoting those packages to stable. > Now, questions: > > * what's the relation between debian-security and > stable-proposed-updates? Are packages from debian-security > automatically copied to stable-proposed-updates so that they can later > be included in the next point release? Yes. > * what's the relation between stable-proposed-updates and > stable-updates? Does the release team pick packages in > stable-proposed-updates and allow them to migrate to stable-updates? Yes. It's a separate suite for releasing non-security updates in advance of the point release, where urgency is required. > * what's the role of stable-updates? > https://wiki.debian.org/StableUpdates says "This path will be used for > updates which many users may wish to install on their systems before > the next point release is made, such as updates to virus scanners and > timezone data." But there are other packages in it, such as > unbound/1.6.0-3+deb9u1, which is older than the version in stable. Are > the DNS-related packages in stable-updates there because of updates to > the list of root servers? All packages in stable-updates get an announcement, in this case https://lists.debian.org/debian-stable-announce/2017/09/msg00002.html > * Are packages in stable-updates copied to stable when stable point > releases happen? (I have the impression that they aren't, but am not > sure) No, policy is that packages are copied from spu to stable-updates. In other words, packages must already be part of a forthcoming point release (just as bugs must be fixed in unstable before a stable package is accepted). > * What is the logic behind not cleaning stable-updates and > debian-security when stable point releases happen? keep things around > for people who only have those suites, no 'stable', in sources.list? Yes. Apparently a very small number of people have sensitive installations and consume only security updates, not errata. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51