On Tue, Feb 08, 2022 at 10:17:48PM +0100, Maurizio Caloro wrote: > keep asking myself why there are such big version differences > between the publisher and the packages.
You mean, between upstream and Debian? > -Buster 10.11- > ii postfix 3.4.14-0+deb10u1, was announced June 27, 2020 > ii dovecot-core 1:2.3.4.1-5+deb10u6, was announced Feb 5, 2019 > ii spamassassin 3.4.2-1+deb10u3, was announced Sep 16, 2018 > ii openssl 1.1.1d-0+deb10u7, was announced Sep 11, 2018 Buster is a stable release. It's not even the *current* stable release. It's one iteration behind. A stable Debian release is a snapshot of a set of packages at a moment in time. The versions of the packages that are included in the release are fixed. They do not change once the release has occurred. This is what the word "stable" means in Debian's nomenclature. This is a *beneficial feature* for those of us who like systems that are known to work. Using postfix as an example, when you installed Debian buster, you got postfix version 3.4.14 with some known set of patches applied by Debian. This version was tested for some number of months or years, and no critical bugs were found in it during that period (or if there were, they got fixed). So now, there is some measure of trust. You know that this version is unlikely to fail in some spectacular way. If a security bug is found, then a new patch will be applied, and you'll be running postfix version 3.4.14-0+deb10u2 and so on. There won't be any incompatible changes, one hopes. Everything will just continue working. Let's speculate for the sake of argument that a later version of postfix (say, postfix 4.0.0) comes out. This version introduces a lot of changes. Some of the lines in the system-wide configuration file no longer have the same meaning that they used to have under version 3.4.14. In order to use the new version of postfix, you would have to edit your config files. That's precisely the sort of change that you *don't* want to have to deal with, and which would be unwelcome on a stable release. When you upgrade to a newer stable release, there could be incompatible changes like this. They'll be mentioned in the release notes, most likely. The upgrade procedure will also notify you of such packages, by displaying a few paragraphs of text in a pager. You'll have to deal with these packages as part of your upgrade. > I see that Bullseye would have newer releases (sorry, i'dont check this now) > but can this really only be renewed with Package mechanismus, so i need > to run a global upgrade of the OS? That's how Debian's releases work. Each one is a snapshot at a given point in time.
