On Fri, 2016-01-15 at 19:47 +0000, startrekfan wrote: > Hello, > > I'm not sure which mailing list I should chose. So I'll try my luck here. > > I didn't subscribed to the mailing list. So* please put my mail address > into cc*. thanks. > > *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This > version is outdated and has some security risks!!*. Version 3.5 is more > secure but unfortunately it's only marked as unstable You seem a bit confused about how Debian releases work. Within any stable release, we apply bug fixes only - unless it's impossible for us to provide security support for the old upstream version. Our package of squid 3.4.8 does have a security fix on top of the upstream version: https://tracker.debian.org/news/702659 So far as we know, there are no important security issues still affecting the version in jessie: https://security-tracker.debian.org/tracker/source-package/squid3 Do you know otherwise? Ben. > So I'd like to request to mark Version 3.5 as stable.(But Version 3.5 in > stable state) > > thank you -- Ben Hutchings The program is absolutely right; therefore, the computer must be wrong.
Description: This is a digitally signed message part