branch naming for stable security uploads
Dominic Hargreaves
dom at earth.li
Mon Apr 16 02:00:09 BST 2018
On Sun, Apr 15, 2018 at 10:34:35PM +0300, Niko Tyni wrote:
> On Sun, Apr 15, 2018 at 01:54:53PM +0100, Dominic Hargreaves wrote:
> > On Sat, Apr 14, 2018 at 11:10:33PM +0000, Emilio Pozuelo Monfort wrote:
> > > Changes:
> > > perl (5.14.2-21+deb7u6) wheezy-security; urgency=medium
> > > .
> > > * [SECURITY] CVE-2018-6913: heap buffer overflow with large data blocks.
> >
> > FTR, I have imported this into our git repository, but not tagged it.
> > The contents vary from the upload because of patch ordering changes
> > made by git-dpm.
>
> BTW I pushed the stable and oldstable updates to stretch and jessie
> branch respectively, not stretch-security or jessie-security. Does that
> matter? What's the use case for distinguishing between (for instance)
> stretch vs. stretch-security ? Are there circumstances where they might
> diverge?
If a security update comes out when a stable update is already in
preparation it might be relevant. Otherwise, the use case is possibly
just because I like the symmetry of preparing updates in a branch with
the same name as the target distribution. It's one of those things
which happens rarely enough that (and practices vary across different
packages sets) that I would try and double check the relevant branches,
so I don't think it hugely matters.
Dominic.
More information about the Perl-maintainers
mailing list