On Wed, Jun 23, 2021 at 5:03 PM Timo Sirainen timo@sirainen.com wrote:
Hmm. That kind of symlinks haven't been done before either, so it's not at least a change from previous Dovecot repository behavior. Also it would be a bit tricky - how would you install 2.3.14 specifically if it became a symlink? I guess we could always make it 2.3.14.0 and add 2.3.14 symlink to it, but that also feels a bit wrong since there never was 2.3.14.0 release exactly.
I would expect *all* versions starting with "2.3.14" to be in the
ce-2.3.14 repository. In this case, the packages for 2.3.14 and
2.3.14.1 would be in ce-2.3.14. Then we let the package manager work
its magic to ensure we have the latest patch/security version
installed. The way it is now, there is literally no way to receive the
2.3.14.1 security update without manually updating your apt source
lists to ce-2.3.14.1 which makes me question the value of using a
repo in the first place.
If someone, for some reason, specifically wants to install the
previous 2.3.14 release, they can pin that version or do apt-get install dovecot-core=2.3.14 && apt-mark hold dovecot-core
The same would go for ce-2.3-latest, which would contain binary
packages for 2.3.14, 2.3.14.1, 2.3.15, and any future versions.
Regular users would get the latest 2.3.15 release as normal, but
advanced users can pin to a specific version prefix, e.g.:
Package: dovecot-core Pin: version 2:2.3.14* Pin-Priority: 1000
For reference, look at Google's Kubernetes repository (https://packages.cloud.google.com/apt/). They provide every historical version in a single repository. I think this is an intuitive way of doing it, that also allows (and suggests) the user to use apt's somewhat powerful pinning mechanisms to select desired versions.
- Eirik