Ian Fleming wrote: "Once is happenstance. Twice is coincidence. The
third time it's enemy action." I've only got as far as coincidence so
far, but it's still enough to make me wonder.
The following bugs on openssh both report problems with applying a
recent security update on bookworm, because it depends on a libssl3
version that was added to bookworm in a point release:
https://bugs.debian.org/1098272
https://bugs.debian.org/1099091
This is clearly (to my mind) a misconfiguration, so I've rejected them
as bugs on openssh: we don't support installing only security updates
and never upgrading to packages from new point releases, because those
aren't rigorously separate streams: security updates are built against
the stable suite and so may pick up versioned dependencies against it.
But seeing two users who seem to have their systems configured this way
makes me wonder what's going on. Does anyone know of documentation
somewhere that recommends configuring stable systems this way?
Thanks,
--
Colin Watson (he/him) [cjwat...@debian.org]
