[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spamassassin security update in Debian jessie LTS

Hi Mike,

On Fri, Jan 31, 2020 at 10:01:05PM +0000, Mike Gabriel wrote:
> Hi Ola, Noah,
> On  Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote:
> > Hi
> > 
> > Spamassassin (and a few other packages) are handled a little differently
> > compared to most packages in Debian.
> > 
> > I'd advise that we go for the latest release. The only reason I see why we
> > would not, would be if we introduce some major backwards compatibility
> > issue.
> > 
> > // Ola
> Looking into a 3.4.4-1 backported to jessie (i.e. 3.4.4.-1~deb8u3) right
> now...

Please don't (unless, see below). Noah did already outline what is
going to be released for stable and oldstable, the patches are
extracted and applied. He referenced the needed patches.

Now if you are going still the route of backporting 3.4.4 (btw. the
version should be either 3.4.4-0+deb8u1 or if it's most backporting
the version minus packaging changes to be reverted 3.4.4-1~deb8u1),
then please first work on getting 3.4.4 backports in oldstable and
stable accordingly. SRM would need to agree on having those versions
rebased. Otherwise after your release of the DSA we will have that
jessie version of spamassassin is higher than the versions in stretch
and buster.

Hope this helps.


Reply to: