Re: clamav 0.97.1 not coming to squeeze-updates ?
On Mon, Jun 27, 2011 at 03:46:32PM +0000, Camaleón wrote:
> On Mon, 27 Jun 2011 12:07:28 -0300, D G Teed wrote:
>
> > On Mon, Jun 27, 2011 at 11:52 AM, Camaleón <noelamac@gmail.com> wrote:
> >
> >> On Mon, 27 Jun 2011 13:58:43 +0200, Eric Viseur wrote:
>
> (...)
>
> >> > I have a server complaining about clam not being up to date every
> >> > night, so it's getting a little annoying, and I'd like to avoid apt
> >> > -pinning if possible.
> >>
> >> ... for the stable/olstable branch is my understanding that only
> >> security bugfixes are corrected, so if the clamav update does not
> >> closes any serious flaw you will keep seeing the clamav warning at the
> >> logs. But don't worry, your clients are still protected, your AV firms
> >> updated and your files analyzed for any treat.
> >>
> >>
> > This is incorrect.
>
> What exactly do you find incorrect?
>
> > Here are the announcement of squeeze-updates, with a list of reasons
> > why squeeze-updates will push ahead a release...
> > http://lists.debian.org/debian-volatile-announce/2011/msg00000.html
> >
> > It even mentions clamav as one which needs to be current to be useful.
>
> Of course, "squeeze-updates" is the new "volatile", nothing has changed.
>
> > Our expectations for squeeze-updates to release clamav ahead of stable
> > merely to be current are correct.
>
> Then it has to be a new policy. IIRC, not all of the clamav package
> updates reached the stable branch via volatile (now squeeze-updates),
> only those that closed security bugfixes. And I say this because I asked
> this same question here, months ago, and I was told so ;-)
>
> > Note you don't need to use squeeze-updates, so we are opting into
> > something which can be a little more bleeding edge.
>
> Please, note that we are not talking about clamav database updates but
> the package itself. If the policy has changed, good and glad to know, but
> to be sincere, I'm not aware of that and would be nice if someone can
> point to it.
>
> > If you only want security and bug fixes that is handled by security repo
> > and standard stable repo.
>
> I think you are talking about a different issue.
>
I seen this twice prior. Not running a server, I didn't concern myself with
it extensively, but I did observe in consternation.
The Volatile package is outdated but the the sid or testing package isn't.
The wait is somewhere between 2-6 months.
Bug reports happen.
Eventually it shows up in Volatile.
Nothing has changed except the name.
--
Regards,
Freeman
"Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the
answer." --Somebody
Reply to: