On Monday 27 June 2005 20:39, Marek Olejniczak wrote: > I don't understand the philosophy of Debian security team. It's really > so difficult to push into sarge spamassassin 3.0.4 which is not > vulnerable? This version is in Debian testing and why this version > can't be push into stable? Seems that you don't understand the philosophy of the 'stable' release either. The basic rule for stable is: "no new upstream versions allowed". This means security updates for spamassassin need to be backported to 3.0.3 (excluding any functional changes). Even if 3.0.4 contains only the security fix, it will still be backported and released as 3.0.3-1sarge1 or something like that.
Attachment:
pgpUS5hTz0GGd.pgp
Description: PGP signature