On Wed, Dec 03, 2025 at 19:23:11 +0000, Joe wrote: > On Wed, 03 Dec 2025 18:57:07 +0000 > [email protected] wrote: > > > I just wanted to know that, what happens to security fixes to debian > > sid packages during debian package freeze near release? Do sid gets > > them or not? > > Yes. The sid distribution doesn't freeze, and in fact when testing > freezes, this is when a huge number of new packages arrive in sid, > which were in some way incompatible with what was frozen in testing.
First of all, sid *never* gets security updates, per se. It's not supported by the security team. Any security fixes sid receives are just fortuitous uploads by the regular package maintainer, usually just a new upstream version, which may contain security fixes if the upstream version had any. Second, sid *does* go into a sort of quasi-freeze mode when a release is imminent. Maintainers are asked to hold any updates to sid for a little while, in order to ensure that nothing interferes with the release. Third, most people should NOT BE RUNNING SID! Why do people do this.... :-( > If the fixed sid packages are relevant to testing, the fix will be > transferred. The freeze is about software versions, and does not > prevent bug fixing of the frozen versions, which is of course the whole > point of the freeze. I don't think this paragraph is accurate. Packages in sid are not cherry-picked for migration to testing. They're migrated automatically when they meet various criteria (primarily "has been in sid for X days" and "has no release critical bugs"). The freeze process does throw a wrench into the works, though.
