
Re: ClamAV update to 0.97




On Thu, Feb 17, 2011 at 1:53 PM, Camaleón <noelamac@gmail.com> wrote:
On Thu, 17 Feb 2011 11:20:44 -0600, Boyd Stephen Smith Jr. wrote:

> On Thursday 17 February 2011 11:05:42 Camaleón wrote:

>> > From what I understand, the clamav binaries are only updated in
>> > stable (even in stable/volatile or stable-updates) when a new version
>> > is needed in order to use the updated virus definitions, or for the
>> > normal stable update criteria.
>>
>> Uh? Is that true? I thought the whole volatile repo was also handling
>> "oldstable" packages? :-?
>
> I wasn't clear.  I mean that just because there is a new upstream
> version of ClamAV, that doesn't mean it will get included in volatile.
> It might be appropriate for volatile, but not all new upstream versions
> are.

Yes, I know that and I'm fine with that policy. What made me get a
bit nervous was not seeing much activity in volatile's mailing list.

>> > However clamav (and more and more software) starts getting noisy as
>> > soon as upstream provides a new version, for whatever reason.  Even
>> > in A/V software, not every upgrade is appropriate for stable.
>>
>> Well, I don't read all and each of the ClamAV new released changelogs
>> to see what has been patched, but being an AV I'd expect a new version
>> corrects some severe bugs and not just "cosmetic" errors.
>
> While I don't think your expectation is well-founded, if it is the case
> that the new version corrects some severe bugs, I would expect it not
> only in lenny-volatile but also lenny-proposed-updates.  Maybe not
> lenny-proposed-updates, but I think the RC-level bug fix policy in
> oldstable is roughly the same as stable.

Here is the changelog... you finally made me read it ;-)

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97

From 0.96.5 (released on Tue Nov 30) to 0.97 (released on Mon Feb 7) I
can't see any patch that can be considered dangerous or remotely
exploitable, so all seems okay. I'll patiently wait and see.

Greetings,

--
Camaleón

What I'm seeing now puzzles me.  I'm considering the same situation, except for squeeze.

The packages site says .97 is available in lenny-volatile.
But .97 is not showing up in squeeze-updates, which is supposed to replace volatile.

I can understand the conservative path, but the whole point of the fork
in the tree is to give people the choice to run the more cutting edge releases
of volatile style packages.

This should not require compiling source to achieve.  We choose Debian
over Slackware et al. because we prefer to work within a package management
system.  Some of us are not maintaining hobby boxes.

When it comes to virus scanning, there is little point in getting an update which
now supports last year's viruses.  We need to be current with this one for the
package to have any value at all.

I'm OK with seeing the warning from ClamAV for 30 days or so, but if there are
any massive glitches to be concerned about, they should show up within that window
and we should be safe to upgrade.

I question whether the squeeze-updates really works as a replacement for volatile.
I don't see mention of it in the Debian packages reports.  e.g.:

http://packages.debian.org/search?keywords=clamav

--Donald

