Re: [Secure-testing-team] Security support for volatile?
On Sun, Feb 22, 2009 at 10:06:41PM +0100, Florian Weimer wrote:
> * Luk Claes:
> > Currently the security support for the volatile archive is supposed
> > to be taken care of by the uploaders of the respective packages.
> > I think it would make sense to have someone or a team tracking
> > security issues for volatile.
> > What do you think? Is anyone up to providing such issue tracking for
> > volatile?
> For ClamAV and ClamAV-derived packages, I'd prefer to see uploads of
> new upstream versions to stable-security or stable-proposed-updates
> (that is, remove it from volatile).
I think one the reason why clamav is in volatile is that the engine
might need updating to detect new viruses. Is that something you
want to support in stable-security? I don't think an upload only
to stable-proposed-updates is something we want for that, since
it might take a long time until the next point release.