* Kurt Roeckx: >> For ClamAV and ClamAV-derived packages, I'd prefer to see uploads of >> new upstream versions to stable-security or stable-proposed-updates >> (that is, remove it from volatile). > > I think one the reason why clamav is in volatile is that the engine > might need updating to detect new viruses. Is that something you > want to support in stable-security?
Yes, I think it would make sense. Over time, it becomes increasingly onerous to provide backported patches for clamav, and there is little benefit (maybe except for cases where clamav is solely used as a spam filter). I also think that providing security support for volatile makes sense, and I've been wondering if it makes sense to kill two birds with one stone, so to speak. Of course, there's the slight issue that some maintainers will complain loudly because they still can't upload new upstream versions for their packages. 8-) I guess this is something we have to deal with for the benefit of our users, though. > I don't think an upload only to stable-proposed-updates is something > we want for that, since it might take a long time until the next > point release. On the other hand, we want quite a bit of testing before we push out a new version. I don't really want to tie new major upstream version to a security update. So perhaps there's still a reason to upload newer versions to volatile, and we will just base security updates off that (similiar to what we currently do with stable-proposed-updates in most applicable cases)? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org