On 02.10.2021 10:11, Marcus Meissner wrote:
On example package that I stumbled across is
--- snip --- leap153:~ # zypper se -s ruby2.5-rubygem-i18n [...] S | Name | Version | Arch | Repository --+---------------------------+-------------------+--------+----------- | ruby2.5-rubygem-i18n | 0.9.1-1.21 | x86_64 | repo-oss | ruby2.5-rubygem-i18n-0_6 | 0.6.11-bp153.1.16 | x86_64 | repo-oss | ruby2.5-rubygem-i18n-1.1 | 1.1.1-bp153.1.16 | x86_64 | repo-oss | ruby2.5-rubygem-i18n-1.8 | 1.8.10-bp153.2.1 | x86_64 | repo-backports-update --- snip ---
My current understanding is that I can simply chose from any of the above versions, but none was released because of security reasons.
And if so, would there be security updates for e.g. ruby2.5-rubygem-i18n-0_6 or ruby2.5-rubygem-i18n-1.1? And where would they be published?
These are parallel packages for 4 different i18n rubygem versions.
Security updates would be there for either of those 4 (if applicable).
ruby2.5-rubygem-i18n-1.8 exists only in backports update repository. If those repositories contain only patches (a.k.a. updates for packages in main repositories) then where is the original package that is being updated? It must come via main OSS repository, right?