Hi Salvatore, hi Noah, On Sa 01 Feb 2020 14:01:36 CET, Salvatore Bonaccorso wrote:
Hi Mike, On Fri, Jan 31, 2020 at 10:01:05PM +0000, Mike Gabriel wrote:Hi Ola, Noah, On Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote: > Hi > > Spamassassin (and a few other packages) are handled a little differently > compared to most packages in Debian. > > I'd advise that we go for the latest release. The only reason I see why we > would not, would be if we introduce some major backwards compatibility > issue. > > // Ola Looking into a 3.4.4-1 backported to jessie (i.e. 3.4.4.-1~deb8u3) right now...Please don't (unless, see below). Noah did already outline what is going to be released for stable and oldstable, the patches are extracted and applied. He referenced the needed patches. Now if you are going still the route of backporting 3.4.4 (btw. the version should be either 3.4.4-0+deb8u1 or if it's most backporting the version minus packaging changes to be reverted 3.4.4-1~deb8u1), then please first work on getting 3.4.4 backports in oldstable and stable accordingly. SRM would need to agree on having those versions rebased. Otherwise after your release of the DSA we will have that jessie version of spamassassin is higher than the versions in stretch and buster. Hope this helps. Regards, Salvatore
Salvatore, thanks for your feedback on this. You are right.First, I, by now, have a spamassassin 3.4.4-1<deb8uX-suffix> that builds and works on jessie (and should similarly build and work on stretch/buster, with some minor DH related changes required).
I get the point about the need of having 3.4.4 in stretch/buster before shipping it in jessie. Acknowledged.
So, I'd like to play the ball back to Noah. Do you think, that applying the security patches is sufficient for spamassassin in stretch/buster? Or have their been so many other fixes(TM) that justify an upstream backport to jessie/stretch/buster.
Esp. I am thinking about future compatibilitiy with (upstream'ish) ruleset updates when those are performed on a Debian (old(old))stable system using sa-update.
For jessie, I will follow what Noah will be doing in stretch+buster, then. Valid point. Thanks for bringing it up again, Salvatore.
Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgp5QCINRcwOS.pgp
Description: Digitale PGP-Signatur