On Wed, Dec 3, 2025 at 2:33 PM Greg Wooledge <[email protected]> wrote: > > On Wed, Dec 03, 2025 at 19:23:11 +0000, Joe wrote: > > On Wed, 03 Dec 2025 18:57:07 +0000 > > [email protected] wrote: > > > > > I just wanted to know that, what happens to security fixes to debian > > > sid packages during debian package freeze near release? Do sid gets > > > them or not? > > > > Yes. The sid distribution doesn't freeze, and in fact when testing > > freezes, this is when a huge number of new packages arrive in sid, > > which were in some way incompatible with what was frozen in testing. > > First of all, sid *never* gets security updates, per se. It's not > supported by the security team. Any security fixes sid receives > are just fortuitous uploads by the regular package maintainer, usually > just a new upstream version, which may contain security fixes if the > upstream version had any. > > Second, sid *does* go into a sort of quasi-freeze mode when a release > is imminent. Maintainers are asked to hold any updates to sid for a > little while, in order to ensure that nothing interferes with the > release. > > Third, most people should NOT BE RUNNING SID! > > Why do people do this.... :-(
The reason that comes to mind is a rolling release. Some folks want an up-to-date as possible version of Debian. They don't want to go to Arch, Gentoo or other rolling releases. > > If the fixed sid packages are relevant to testing, the fix will be > > transferred. The freeze is about software versions, and does not > > prevent bug fixing of the frozen versions, which is of course the whole > > point of the freeze. > > I don't think this paragraph is accurate. Packages in sid are not > cherry-picked for migration to testing. They're migrated automatically > when they meet various criteria (primarily "has been in sid for X days" > and "has no release critical bugs"). The freeze process does throw > a wrench into the works, though. Jeff
