
Re: Updating scanners and filters in Debian stable (3.1)

On Tue, Sep 14, 2004 at 02:10:17PM +0100, Martin Michlmayr wrote:
> Maybe we should just relax the stable update policy for such packages,
> and others which would benefit from regular updates (e.g. drivers).

I think we do need to come up with a mechanism to allow functionality
updates between stable releases.

What are we saying to our users by not doing this?  Are we saying that
they're better off not using something like an IDS?  Can we really not
offer our users the benefit of using packages such as ClamAV,
SpamAssassin, or Snort within the Debian system?

People have suggested additional sections in the archive for packages
like this...  So how 'bout this idea: A new section, possibly entitled
"volatile".  Packages in this section declare that they may change, but
only between point releases of the OS.  Dependencies of such packages
also belong in volatile.  Before a package in volatile can be updated to
a new upstream version, maintainers of packages that depend on this
package must sign off that their package is compatible with the new
version, or they must provide a new package to maintain compatibility.

The security team only needs to support the most recent version of the
package in "volatile", since in general they only support packages in
the latest point release of stable anyway.  Users who don't install
packages from volatile don't have to worry about running vulnerable
packages due to security holes or outdated databases or whatever, since
they don't have these packages installed to begin with.

Comments?  I just came up with this off the top of my head, making it up
as I went along, so it's very possible that I've overlooked something.

