Work in progress

When a Debian stable version is released, debian offers security updates for those packages shipped with the distribution.

Up to 0.7.1 version, we encouraged the usage of these updates through the usual way, that is: using the security apt source.

Everything has gone smoothly with these updates until apache-perl was updated. The main issue was that as we use runit to supervise and manage the system services, apache-perl must start/stopped through runit. The apache-perl package tried to stop apache-perl using invoke.rc-d, which is absolutely fine. The problem is we did not take this into consideration and what we got was an update process which froze the upgrading process as the postinst was unable to stop apache properly.

It is true that there is an option to set a local policy to manage the init scripts which we could have taken advantage of. But the point here is, as we do not know what kind of issues we are going to face with the security updates, we consider better to provide our security updates. These updates were the same updates as the ones provided by Debian, but they will be checked by us before uploading to the repository, in case we detect any issue, we will modify the package to work around the issue.