On Fri, Oct 01, 2021 at 04:07:03PM +0200, Till Dörges wrote:
Hello all,
Leap 15.3 has 4 update repositories instead of 2 like Leap 15.2 and previous versions:
- repo-backports-update (new as of 15.3)
- repo-sle-update (new as of 15.3)
- repo-update
- repo-update-non-oss
I roughly understand the purpose of the above repos (see e.g. https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.3/#installati...).
But I'd like to know more about the policies/rules which apply to these repos. Questions that come to mind:
- Is the repository really required to get security fixes?
Yes, for all.
- Does the repository contain explicit security fixes? (I.e. are only security fixes applied to existing versions or will new versions from upstream be made available?)
Only security and bugfixes... Usually no version updates.
- Are version numbers (mostly/somewhat/...) kept stable?
Largely. For some packages we do version updates occasionally, like e.g. chromium and Firefox ESR.
- Does the repository provide patches for zypper or complete RPMs only?
patches.
Is there any document/description that answers these types of questions?
I guess for *repo-backports-update* the policy is more or less that you ship what you (can) get from upstream.
No, it is the openSUSE Leap packages that are not in SLE, but made available to both PackageHub for SLE 15-sp3 and for Leap 15.3.
*repo-sle-update* and *repo-update* seem to contain security fixes and patch definitions (just looked briefly).
How about *repo-backports-update*?
Same.
Previously (e.g. with 15.2) the policy seemed to result in rather stable version numbers, i.e. few updates where minor (or even major) version numbers changed.
This seems to be different for 15.3, particularly when looking at backports-update.
The policy is still the same. Leap 15.3 is just pieced together out of 3 different sources instead of 1. (+ nonfree for each) But the update rules for 15.3 are the same as for 15.2.
But that's all guesswork and I couldn't find any documentation for that.
Perhaps this helps a bit: https://news.opensuse.org/2021/07/19/leap-gains-maintenance-update-improveme...
One example package that I stumbled across is
--- snip ---
leap153:~ # zypper se -s ruby2.5-rubygem-i18n
[...]
S | Name                      | Version           | Arch   | Repository
--+---------------------------+-------------------+--------+-----------
  | ruby2.5-rubygem-i18n      | 0.9.1-1.21        | x86_64 | repo-oss
  | ruby2.5-rubygem-i18n-0_6  | 0.6.11-bp153.1.16 | x86_64 | repo-oss
  | ruby2.5-rubygem-i18n-1.1  | 1.1.1-bp153.1.16  | x86_64 | repo-oss
  | ruby2.5-rubygem-i18n-1.8  | 1.8.10-bp153.2.1  | x86_64 | repo-backports-update
--- snip ---
My current understanding is that I can simply choose from any of the above versions, but none was released because of security reasons.
And if so, would there be security updates for e.g. ruby2.5-rubygem-i18n-0_6 or ruby2.5-rubygem-i18n-1.1? And where would they be published?
These are parallel packages for 4 different i18n rubygem versions. Security updates would be there for either of those 4 (if applicable).

Ciao, amrcus
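
Since the reply states that all four update repositories are required to get security fixes, the following added example (not part of either poster's message, and not openSUSE project code) checks a `zypper lr` listing for the four aliases named in the thread. The function name, the sample listing, and the assumption that the table columns are `# | Alias | Name | Enabled | ...` with `Yes` marking an enabled repository are the example's own.

```shell
#!/bin/sh
# Added example: verify that the four Leap 15.3 update repositories named in
# the thread are present and enabled. Reads the table printed by `zypper lr`
# on stdin (assumed columns: # | Alias | Name | Enabled | ...).

REQUIRED_REPOS="repo-backports-update repo-sle-update repo-update repo-update-non-oss"

# Prints one line per problem ("missing: X" or "disabled: X").
# Returns 0 when every required repository is enabled, 1 otherwise.
check_update_repos() {
    awk -F'|' -v required="$REQUIRED_REPOS" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Data rows carry the repository number in column 1; the header and
        # separator rows do not and are skipped.
        trim($1) ~ /^[0-9]+$/ { enabled[trim($2)] = trim($4) }
        END {
            n = split(required, want, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                if (!(want[i] in enabled)) {
                    print "missing: " want[i]; bad = 1
                } else if (enabled[want[i]] != "Yes") {
                    print "disabled: " want[i]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample listing (not captured from a real system): one update
# repository is disabled and one is absent.
sample_repos() {
cat <<'EOF'
# | Alias                 | Name             | Enabled | GPG Check | Refresh
--+-----------------------+------------------+---------+-----------+--------
1 | repo-backports-update | Update Backports | Yes     | (r ) Yes  | Yes
2 | repo-oss              | Main Repository  | Yes     | (r ) Yes  | Yes
3 | repo-sle-update       | Update from SLE  | No      | ----      | ----
4 | repo-update           | Main Update Repo | Yes     | (r ) Yes  | Yes
EOF
}

# On a real system: zypper lr | check_update_repos
```

A non-zero exit status means at least one of the four repositories would not deliver patches to this machine.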