On Monday 27 June 2005 20:39, Marek Olejniczak wrote:
I don't understand the philosophy of Debian security team. It's really
so difficult to push into sarge spamassassin 3.0.4 which is not
vulnerable? This version is in Debian testing and why this version
can't be push into stable?
Seems that you don't understand the philosophy of the 'stable' release
either. The basic rule for stable is: "no new upstream versions allowed".
This means security updates for spamassassin need to be backported to
3.0.3 (excluding any functional changes).
Even if 3.0.4 contains only the security fix, it will still be backported
and released as 3.0.3-1sarge1 or something like that.