Hi Bastien, On Mon, Dec 01, 2025 at 09:42:10PM +0100, Bastien Roucaries wrote: > Le lundi 1 décembre 2025, 20:35:16 heure normale d’Europe centrale Moritz > Mühlenhoff a écrit : > > On Sun, Nov 30, 2025 at 07:03:32PM +0100, Bastien Roucaries wrote: > > > Hi, > > > > > > What is the rails security update policy ? > > > > > > Should I backport patches individually or should we update to last stable > > > sub version ? > > > > For rails it's fine to follow the releases (for as long as they are > > supported and then we move on to cherrypicking patches) > Ok so: > - for trixie I will do a sid backport
maybe it was self-exlanatory and this remark is not needed: if you do a backport, you need to have some assurance that additional changes are actually suitable for the lower suite. If not you would do actually a version import on top of the current pacakging (i.e. the -0+deb13u1 versioning scheme). That said, I have not looked in detail if the changes between the current trixie and unstable versions fall into that class, it is more as a general remark about the procedure. Regards, Salvatore
