Bug#598255: Freeze exception for clamav 0.96.3+dfsg-2

To: Philipp Kern <pkern@debian.org>
Cc: 598255@bugs.debian.org
Subject: Bug#598255: Freeze exception for clamav 0.96.3+dfsg-2
From: Michael Tautschnig <mt@debian.org>
Date: Sun, 3 Oct 2010 19:00:07 +0200
Message-id: <[🔎] 20101003170000.GA99398@l04.thnet>
Reply-to: Michael Tautschnig <mt@debian.org>, 598255@bugs.debian.org
In-reply-to: <[🔎] 20101003150010.GA25258@thrall.0x539.de>
References: <20100927202717.GB26380@l04.local> <[🔎] 20101003150010.GA25258@thrall.0x539.de>

Hi!

> On Mon, Sep 27, 2010 at 10:27:17PM +0200, Michael Tautschnig wrote:
> > Please grant a freeze exception for clamav, version 0.96.3+dfsg-1. For
> > reference, the changelog entries since the last version entering squeeze are
> > listed below. I am aware that this request is not in line with the stricter
> > freeze policy now in effect, but would nevertheless ask for an exception as this
> > version includes a new upstream version with security fixes. In #577013 it was
> > stated that even such large changes may be ok for future updates to stable, as
> > far as clamav is concerned.
> 
> I'm very unhappy that you read the statement of "we can get new upstream
> versions" as "the freeze doesn't apply to us, does it?".
> 

I would like to apologize if my message was unclear in this respect - I surely
did not mean to say this; I was aware of the fact that asking for a freeze
exception for clamav could lead to such interpretations. That's why I spoke of
*future* updates to stable - and *asked* for a freeze exception. Whether it is
granted or not is your decision, as package maintainer we can only try our best
to prepare suitable packages.

> I do wonder why I see pyc files in the new version in debdiff.  It's also too
> large to review.
> 

Would you please just tell me which versions you were comparing? Was that
0.96.3+dfsg-2 (latest upload) to 0.96.1+dfsg-1 (version in squeeze)? Obviously
such files should not have ended up in the package, and I'd happily try to
reproduce & fix the problems. 

And yes, the size of the diff could be very large, it's a jump of two upstream
versions.

> So it's the question if we go the "if it blows to pieces, you get to keep them"
> mode.  But as the future uploads will be out of our control anyway, I guess
> I just need to ask you if you are confident with your current package.
>

I'm not sure I really get your message (I'm not a native speaker and fear I'm
misreading something).  Would you please be so kind to elaborate on what you
mean by "if it blows to pieces, you get to keep them"? And why would future
uploads be out of your control? FWIW, yes, we are pretty confident with the
current package, at least as far as the resulting binary packages and
installations are concerned. Furthermore, the support by upstream is working
amazingly well these days. That notwithstanding, both our source and binary
packages will be buggy in some or the other respect. But should we become aware
of bugs, we (meaning the clamav team, and not the stable release managers,
should problems with the version in stable surface) will try to fix them as
quickly as possible.

I hope my messages helps for clarification, and I hope not to be offensive in
any way.

Best regards,
Michael

Attachment: pgpmb3Ens9aih.pgp
Description: PGP signature

Reply to:

References:
- Bug#598255: Freeze exception for clamav 0.96.3+dfsg-2
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: proposed update for CVE-2010-2494 in lenny
Next by Date: Bug#598883: unblock: kolab-webadmin/2.2.3-20091217-3
Previous by thread: Bug#598255: Freeze exception for clamav 0.96.3+dfsg-2
Next by thread: Re: Proposed upload for python-clamav
Index(es):
- Date
- Thread