[Pkg-xen-devel] Bug#907835: Bug#907835: newer version in stable
Ian Jackson
ijackson at chiark.greenend.org.uk
Wed Sep 5 12:36:54 BST 2018
Antoine Beaupre writes ("[Pkg-xen-devel] Bug#907835: newer version in stable"):
> Source: xen
> Version: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
> Severity: serious
>
> The version of the Xen packages in unstable and buster is lower than
> the one in Debian stretch. That seems highly irregular and will
> obviously break upgrades to buster.
>
> The reason this is marked as "serious" is because I consider this a
> "severe violation of Debian policy". This would be section 3 of the
> Debian policy, although it curiously does not explicitely state that
> versions between different suites should be incrementing.
I agree that this is an RC bug. Fixing it by removing the packages
from buster wouldn't help, though.
> I still consider this a release critical bug and that new upstream
> packages should first be uploaded to unstable, unless there is a
> security issue (which is the case here) in which case they should be
> simultaneously uploaded to both suites.
The 4.8-based security updates have not been going to sid/buster for
rather obscure reasons. We have packages for 4.11 in preparation, so
hopefully this will become irrelevant soon.
Ian.
--
Ian Jackson <ijackson at chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
More information about the Pkg-xen-devel
mailing list