Re: let me understand this - packages delay

To: debian-user@lists.debian.org
Subject: Re: let me understand this - packages delay
From: Greg Wooledge <greg@wooledge.org>
Date: Tue, 8 Feb 2022 16:31:03 -0500
Message-id: <[🔎] YgLhF8Mu7W3naUbq@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 14883a84-2688-cfc6-38c4-584ecee2d063@caloro.ch>
References: <[🔎] 14883a84-2688-cfc6-38c4-584ecee2d063@caloro.ch>

On Tue, Feb 08, 2022 at 10:17:48PM +0100, Maurizio Caloro wrote:
> keep asking myself why there are such big version differences
> between the publisher and the packages.

You mean, between upstream and Debian?

> -Buster 10.11-
> ii  postfix 3.4.14-0+deb10u1, was announced June 27, 2020
> ii  dovecot-core 1:2.3.4.1-5+deb10u6, was announced Feb 5, 2019
> ii  spamassassin 3.4.2-1+deb10u3, was announced Sep 16, 2018
> ii  openssl 1.1.1d-0+deb10u7, was announced Sep 11, 2018

Buster is a stable release.  It's not even the *current* stable release.
It's one iteration behind.

A stable Debian release is a snapshot of a set of packages at a moment
in time.  The versions of the packages that are included in the release
are fixed.  They do not change once the release has occurred.  This is
what the word "stable" means in Debian's nomenclature.

This is a *beneficial feature* for those of us who like systems that
are known to work.  Using postfix as an example, when you installed
Debian buster, you got postfix version 3.4.14 with some known set of
patches applied by Debian.  This version was tested for some number of
months or years, and no critical bugs were found in it during that
period (or if there were, they got fixed).  So now, there is some
measure of trust.  You know that this version is unlikely to fail in
some spectacular way.

If a security bug is found, then a new patch will be applied, and you'll
be running postfix version 3.4.14-0+deb10u2 and so on.  There won't be
any incompatible changes, one hopes.  Everything will just continue
working.

Let's speculate for the sake of argument that a later version of postfix
(say, postfix 4.0.0) comes out.  This version introduces a lot of changes.
Some of the lines in the system-wide configuration file no longer have
the same meaning that they used to have under version 3.4.14.  In order
to use the new version of postfix, you would have to edit your config
files.

That's precisely the sort of change that you *don't* want to have to deal
with, and which would be unwelcome on a stable release.

When you upgrade to a newer stable release, there could be incompatible
changes like this.  They'll be mentioned in the release notes, most
likely.  The upgrade procedure will also notify you of such packages,
by displaying a few paragraphs of text in a pager.  You'll have to deal
with these packages as part of your upgrade.

> I see that Bullseye would have newer releases (sorry, i'dont check this now)
> but can this really only be renewed with Package mechanismus, so i need
> to run a global upgrade of the OS?

That's how Debian's releases work.  Each one is a snapshot at a given
point in time.

Reply to:

References:
- let me understand this - packages delay
  - From: Maurizio Caloro <maurizio@caloro.ch>

Prev by Date: let me understand this - packages delay
Next by Date: Re: let me understand this - packages delay
Previous by thread: let me understand this - packages delay
Next by thread: Re: let me understand this - packages delay
Index(es):
- Date
- Thread