Package version updates policy

Ubuntu's policy on this is described on the Stable Release Updates page in the Wiki.

These policies are all driven by the (perfectly reasonable) fear of introducing regressions and causing inconvenience to existing users for bugs which didn't otherwise affect them. If bind9 is updated in a stable release and production servers fail or unacceptably change behaviour as a result, then that's a disaster for Ubuntu. Users will legitimately complain that a stable release failed to remain stable for them, and many would not consider "upstream did it" as a reasonable excuse; especially for the majority of them for whom the bugfix update was unnecessary anyway. "Unacceptably change behaviour" can mean different things for different users; for a stable release, any change in behaviour may be deemed unacceptable.

The SRU policy of minimal, verifiable fixes to stable releases only serves to prevent this scenario.

If upstreams provide bugfix releases, then these can be approved for acceptance on a standing basis, subject to the micro release exceptions policy.

But most packages in Ubuntu are based on Debian. Deviating from Debian always comes at the cost of extra work and so this kind of change can only be done if someone can commit to maintaining the extra burden that this creates.

The stable release team makes decisions on individual updates, and the technical board makes decisions on standing micro release exceptions.

Perhaps bind's bugfix release branch is suitable for a micro release exception. In this case, somebody needs to drive, gather the upstream policy, regression history and so forth, put together a proposal and put it forward to the technical board for consideration.