[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#617444: clamav: (PRSC) Please backport fix for CVE-2011-1003


On Tue, 2011-03-15 at 17:55 +0000, Michael Tautschnig wrote:
> > > Minimal testing of the squeeze-specific build has been performed; the same
> > > version, although built for lenny-volatile, is being "tested" in
> > > production environments. I'm now uploading to squeeze-updates.
> > 
> > Unfortunately, the upload got rejected by dak.
> > 
> > Please could you re-upload using "stable" as the distribution. 
> > "squeeze-updates" is not intended as a direct upload target.
> > 
> Fixed and re-uploading just now.

Thanks.  I've marked it for acceptance in to proposed-updates during the
next dinstall; we'll see how quickly the majority of the builds come in
and promote it to squeeze-updates later.

> Is that use of distribution names documented
> anywhere? I had taken a look at tzdata, which indeed uses "stable", but

The relevant section of the Developer's Reference -
<URL:http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable> - implies that "stable" is correct.  That section, together with basically all other documentation about updating stable, needs overhauling to match current practice and policy, but from that point-of-view it's correct.

> according to [1] all these are equivalent and I found squeeze-updates to be much
> more descriptive, hence used that one.

That's the theory; it doesn't quite work right now, as you discovered.
(Although in this case it was due to the version constraints on
squeeze-updates being different from those on proposed-updates

> Another related question: should one send a working draft of an update
> announcement to somewhere? I'm used to doing that for volatile, but don't know
> about the procedures for stable-updates.

Feel free to ping it in my direction if you'd like.

> [1] http://lists.debian.org/debian-release/2011/03/msg00007.html



Reply to: