> It follows on from the package update policy for Debian stable,
> which is that bug-fixes for packages are always back-ported to the
> original pacakge version. Thus, over the lifetime of a stable release,
> the "upstream" part of the package version will never change (although
> the debian patch version will). This implies that no security upgrade
> will ever attempt to install new packages. The safe-upgrade option
> matches this policy, and won't ever try to install new packages
> automatically as a result of the upgrade.
So what would happen in the event that a security upgrade *did* require
new packages[1]?
I recognise that this would be a deviation from the Policy - but people
are human; mistakes happen.
Would safe-upgrade refuse to install the security upgrade, or would it
pull in the new dependency?
It strikes me - and I could easily have misunderstood the distinction here
- that the latter case here would make the option entirely irrelevant, but
the former, whilst guarding against deviations of Policy by the repo
maintainers, leaves known, patched problems in place.
Have I got that right?
Vic.
[1] The argument "that would never happen" requires that every repo
maintainer never makes a mistake, ever. Aside from that being an unlikely
situation, it also begs the question: why do we need an option to protect
against such occurrences if they are entirey impossible?
