Re: spamassassin update
Hi,
On Mon, 02 Feb 2015, Matt Palmer wrote:
> On Sun, Feb 01, 2015 at 09:49:15AM -0800, Noah Meyerhans wrote:
> > Let me know if I should go ahead with this upload, or if anything else
> > is needed.
>
> You should not go ahead with this upload.
>
> > diff -Nru spamassassin-3.3.1/debian/changelog spamassassin-3.3.1/debian/changelog
> > --- spamassassin-3.3.1/debian/changelog 2013-03-12 08:06:16.000000000 -0700
> > +++ spamassassin-3.3.1/debian/changelog 2015-01-31 22:51:43.000000000 -0800
> > @@ -1,3 +1,11 @@
> > +spamassassin (3.3.1-1.2) squeeze-lts; urgency=medium
> > +
> > + * Export perl_version to rules. (Closes: 771408)
>
> Based on my reading of that bug report, it is not an appropriate bug to be
> addressed in a security update.
I disagree with you. While it would be nice to not have to do it, my
reading of the above report is that users who are (auto-) downloading the
latest rules will have problems (even if only an annoying warning) with
spamassassin in oldstable and this deserves to be fixed in oldstable.
While the problem might no longer happen today, it will resurface once
Spamassassing 3.5 is released.
Also the update has been accepted in wheezy:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771495
Thus it fits the criteria of the stable release managers and ought be be
accepted in squeeze-lts.
BTW, while I appreciate that you took the time to review this change, I
find it a bit disturbing that you spoke with so much authority while
we have no official "release manager" deciding what's OK or not.
Noah, if I were you, I would proceed with the update after some careful
tests. Our current procedure requires to send a "DLA" mail to
debian-lts-announce explaining the change to stable users. See
http://wiki.debian.org/LTS/Development
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: