Control: tags -1 + moreinfo On Wed, 2017-07-05 at 00:40 +0200, Thomas Goirand wrote: > Steve found out that the OpenStack images do not include the security > update repositories by default in Stretch (though it's ok for Wheezy > and Jessie). This was fixed in version 1.20 of openstack-debian-images > which I uploaded to sid. It's this commit: > > https://anonscm.debian.org/cgit/openstack/openstack-debian-images.git/commit/?id=2a78166a6c4ee5ee2b25dc5ed37323f761337bbd > > It's not as bad as it sounds though, because as soon as you boot the > image, cloud-init manages the sources.list and add the security > repositories, then performs an update. Though I still believe this > deserves a fix ASAP anyway. > > Would it be ok to just get version 1.20 into the next point release? > Or should I prepare the exact same change in a 1.19+deb9u1 version > (which IMO would be missleading)?
We can't "just get" a package from unstable into a point release. It needs reuploading via proposed-updates, whether as 1.19+deb9u1 or 1.20~deb9u1. I fail to see why this package should be different from every other in that respect. As usual, please provide a debdiff of the proposed source package, built and tested on stable, so that it can be confirmed. Regards, Adam
