Received: from mx1.tetrasec.net (mx1.tetrasec.net [66.245.176.36])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 152D8782B70
	for <~alpine/users@lists.alpinelinux.org>; Wed, 24 Feb 2021 16:19:55 +0000 (UTC)
Received: from mx1.tetrasec.net (mail.local [127.0.0.1])
	by mx1.tetrasec.net (Postfix) with ESMTP id 33F0D1AA044;
	Wed, 24 Feb 2021 16:19:54 +0000 (UTC)
Received: from ncopa-desktop.lan (67.63.200.37.customer.cdi.no [37.200.63.67])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: alpine@tanael.org)
	by mx1.tetrasec.net (Postfix) with ESMTPSA id 62A5F1AA043;
	Wed, 24 Feb 2021 16:19:53 +0000 (UTC)
Date: Wed, 24 Feb 2021 17:19:47 +0100
From: Natanael Copa <ncopa@alpinelinux.org>
To: Philip Couling <couling@gmail.com>
Cc: ~alpine/users@lists.alpinelinux.org
Subject: Re: What's the definition of stable?
Message-ID: <20210224171947.195902cb@ncopa-desktop.lan>
In-Reply-To: <C8402E24-B03E-4D8D-A907-57DE4C5E8865@gmail.com>
References: <C8402E24-B03E-4D8D-A907-57DE4C5E8865@gmail.com>
X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-alpine-linux-musl)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Wed, 24 Feb 2021 14:58:25 +0000
Philip Couling <couling@gmail.com> wrote:

> This might seem a dumb question, but I*m looking for a definitive
> answer regarding package *stability* in the main repositories (main,
> community).  What I*m looking for specifically is whether or not
> Alpine will release new versions of stable libraries to old *stable*
> releases.
>=20
> This question is effectively split two ways:
> Do these packages receive security updates? - I assume they do.

Yes. We provide security updates.

> Will entirely new versions of packages get released?

Depends a bit. We may update the package to a new version if it is
unlikely that the update will break anything. We may backport the
security fix with a patch.

The goal is that you should be able to use a stable branch and not be
afraid of doing `apk upgrade` to get security updates.

> So if I start with alpine 3.12 and *apk add python3 py3-numpy*, is it
> safe to assume that I will always get the same version of *numpy"
> (notwithstanding security fixes)?

At this stage, alpine 3.12 will only get security updates. So you will
always get the same version unless there are security issues (or other
major bugs are reported).

alpine 3.13 may get bug fixes in addition to security fixes, but new
versions are not automatically added to 3.13.

In both cases, you are supposed to be able to `apk add python3
py3-numpy` and be safe that things does not break when you apk upgrade.
We should not push API or ABI breaking changes to stable branches.
(there have been a few exceptions ofc)



>=20
> Thanks