On Tue, Feb 10, 2026 at 10:43:23AM +1100, Dmitry Smirnov wrote: > On Saturday, 7 February 2026 8:47:34 pm Australian Eastern Daylight Time Adam > D. Barratt wrote: > > I noticed that there's a zabbix upload in the stable-new queue for > > trixie, which appears to have been prepared by you. > > > > It's quite a large update (a gzip of the debdiff is 8MB and the > > diffstat "1995 files changed, 519537 insertions(+), 268166 deletions(- > > )"), but I can't see a p-u bug or any other discussion about the > > upload. > > Discussion happened in [email protected] primarily with Moritz > Mühlenhoff. Agreement was to treat Zabbix akin to "firefox-esr" > with direct upload to stable/proposed-updates because "zabbix" > package follows upstream "LTS" releases that are reasonably > conservative in regards to changes. (Large diff is partially due > to non-code changes in templates, etc.) >...
I would guess your discussion with the security team was about something slightly different: This was likely about the *contents* of the updates being new upstream versions, instead of cherry-picking CVE fixes. The *process* for such updates stays the same - discussion with the security team for DSAs or p-u bug for non-DSA updates. In theory the stable release managers are not bound by anything you agreed with the security team, but in practice the they will accept a new stable version instead of backporting fixes if you mention the agreement with the security team in the p-u bug. cu Adrian
