• Bug#1108338: preapproval for unblock: erlang/1:27.3.4.1+dfsg-1 or erlan

    From Sergei Golovan@21:1/5 to [email protected] on Mon Jul 7 16:10:01 2025
    XPost: linux.debian.devel.release

    Hi Paul,

    On Mon, Jul 7, 2025 at 4:44 PM Paul Gevers <[email protected]> wrote:

    Hi Sergei,

    Sorry for taking a while.

    On 6/27/25 09:25, Sergei Golovan wrote:
    Can you please check our FAQ [1] and try to answer the questions listed
    in the "new upstream" section? I'll note that erlang is a key package.

    Sorry, I was too brief in this bug report. Should've added more detail.


    Thanks for your further comments. Can you still answer whether there's
    an upstream policy for a release like this one? Judging from the
    numbering, upstream considers this a fix release, but I'm guessing here.
    Do they have a policy (that you can link) for such releases?

    I don't know about a formal policy document which would describe bugfix
    or feature releases. As far as I know, there are three major releases
    supported upstream at any moment. For now they are 28, 27 and 26. Releases
    like 28.1, 28.2 etc. are considered as feature releases, releases like
    28.1.2, 28.1.3 are considered as bugfix releases, though occasionally they
    include some new features. After the next major release (28 in our case) is
    out, the previous release version freezes (27.3.4 in our case), and then
    only bugfixes are committed into it, with versions like 27.3.4.1, 27.3.4.2
    etc. Usually, a new major release happens in May or June, so we don't
    follow these minor-minor releases closely (as we are already in a deep
    freeze when they start to appear). We never updated versions in
    debian/stable to such releases, and only cherry-picked changes that were
    important enough. The current situation is a bit special, because trixie is
    still not stable and 27.3.4.1 contains an important fix (along with a few
    other smaller fixes).


    In my opinion, not only fixing CVE-2025-4748, but also at least
    changes in SSH are useful enough to be included in trixie. Fixes for
    crashes in the Erlang shell improve usability as well (though I never
    experienced them myself).


    Sounds like we should do this, but knowing upstream's policy would make
    me more confident.

    Unfortunately, I can't find any formal policy. On the other hand, the changes in 27.3.4.1 are not too intrusive, as I can see.

    Cheers!
    --
    Sergei Golovan
