Stable channel update policy for programs with update checkers

schmittlauch · November 13, 2018, 8:20am

As far as I understood, only security-relevant fixes are supposed to be backported to a stable channel during its life-cycle.
But some packages don’t really declare whether an update is security-relevant and, even worse, include their own update checks. These are for example zeal or zotero.

How do we want to deal with these packages?

patch out the update checks and don’t update
don’t patch out the update checks and update them once the checker is triggered
patch out the update check but also update the package in the stable channel

Mic92 · November 13, 2018, 1:22pm

Disable the update checks (if possible), update on master and backport them if it falls into a category described: [RFC 0029] Backports team by samueldr · Pull Request #29 · NixOS/rfcs · GitHub

Some applications that depend on external services might always need a backport to function correctly i.e. dropbox.