Security updates

[Steve Langasek]

On Thu, Dec 28, 2006 at 09:50:22PM +0100, Mike Hommey wrote:
> > I don't care about version numbers of things you upload to unstable for
> > etch, I only care about what shows up in a debdiff.  I think that policy is
> > spelled out pretty clearly, or do you have questions about it?

> To make it very clear : do you prefer security updates or new upstreams
> (security updates + version change + minor functional changes) ?

Prefer?  Targetted fixes for the bugs in question, of course. :)

On Thu, Dec 28, 2006 at 10:15:17PM +0100, Mike Hommey wrote:
> Considering there have been uploads of new upstreams for icedove and
> iceweasel, already... the question will actually be, will you refuse
> to push them in etch ?

Probably not, no.  The freeze policy is in place because these guidelines
give as good a heuristic as possible for keeping the RC bug count moving in
the right direction.  Right now, iceweasel not being in testing is blocking
at least a half dozen RC bugfixes from reaching testing, both in getting rid
of firefox and in getting other extension packages updated.  So if the new
upstream version is the best way to get these packages into testing, then
that's where we'll start.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/