Re: Bug#617444: clamav: (PRSC) Please backport fix for CVE-2011-1003
On Tue, 2011-03-15 at 17:55 +0000, Michael Tautschnig wrote:
> > > Minimal testing of the squeeze-specific build has been performed; the same
> > > version, although built for lenny-volatile, is being "tested" in
> > > production environments. I'm now uploading to squeeze-updates.
> > Unfortunately, the upload got rejected by dak.
> > Please could you re-upload using "stable" as the distribution.
> > "squeeze-updates" is not intended as a direct upload target.
> Fixed and re-uploading just now.
Thanks. I've marked it for acceptance in to proposed-updates during the
next dinstall; we'll see how quickly the majority of the builds come in
and promote it to squeeze-updates later.
> Is that use of distribution names documented
> anywhere? I had taken a look at tzdata, which indeed uses "stable", but
The relevant section of the Developer's Reference -
<URL:http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable> - implies that "stable" is correct. That section, together with basically all other documentation about updating stable, needs overhauling to match current practice and policy, but from that point-of-view it's correct.
> according to  all these are equivalent and I found squeeze-updates to be much
> more descriptive, hence used that one.
That's the theory; it doesn't quite work right now, as you discovered.
(Although in this case it was due to the version constraints on
squeeze-updates being different from those on proposed-updates
> Another related question: should one send a working draft of an update
> announcement to somewhere? I'm used to doing that for volatile, but don't know
> about the procedures for stable-updates.
Feel free to ping it in my direction if you'd like.
>  http://lists.debian.org/debian-release/2011/03/msg00007.html