As far as I understood, only security-relevant fixes are supposed to be backported to a stable channel during its life-cycle.
But some packages don’t really declare whether an update is security-relevant and, even worse, include their own update checks. These are for example zeal
or zotero
.
How do we want to deal with these packages?
- patch out the update checks and don’t update
- don’t patch out the update checks and update them once the checker is triggered
- patch out the update check but also update the package in the stable channel