Vincent Lefevre wrote: > Is the spamassassin Debian package unsafe to use in stable? > > The issue is that things related to spam evolves rapidly, but > Debian stable is... stable.
Debian stable already has the current version of SpamAssassin: | News and Announcements | | 2024-03-29: Apache SpamAssassin 4.0.1 has been released! [...] <https://spamassassin.apache.org/news.html> | thh@angmar:~$ apt show spamassassin | Package: spamassassin | Version: 4.0.1-1~deb12u1 > So its rules become obsolete, such as > those that generate > > RCVD_IN_VALIDITY_CERTIFIED_BLOCKED > RCVD_IN_VALIDITY_RPBL_BLOCKED > RCVD_IN_VALIDITY_SAFE_BLOCKED > > while upstream gave them zero scores in May. Rules are updated by the sa-update service, started e.g. by | systemctl enable --now spamassassin-maintenance.timer | systemctl start spamassassin-maintenance.service Doing that, the scores are up to date: | thh@angmar:~$ grep RCVD_IN_VALIDITY /var/lib/spamassassin/4.000001/updates_spamassassin_org/50_scores.cf | score RCVD_IN_VALIDITY_CERTIFIED 0 | score RCVD_IN_VALIDITY_SAFE 0 | score RCVD_IN_VALIDITY_RPBL 0 | #score RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 | #score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 | #score RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 Kind regards, -thh
