Re: [Secure-testing-team] Security support for volatile?
On Fri, Mar 13, 2009 at 09:21:44PM +0100, Florian Weimer wrote: Yes, this is the correct approach in principle, but I don't think release candidates should be uploaded to volatile. But I can't speak for debian-volatile, really. Never noticed the rc in the version number there. I suppose also that a new version should only be uploaded to volatile if the current version will have reduced functionality as a result of changes in the new version. Cheers, Tom -- Beware of programmers carrying screwdrivers. -- Chip Salzenberg signature.asc Description: Digital signature
Re: [Secure-testing-team] Security support for volatile?
This one time, at band camp, Michael Stone said: On Mon, Feb 23, 2009 at 07:27:14PM +0100, Kurt Roeckx wrote: I think one the reason why clamav is in volatile is that the engine might need updating to detect new viruses. Is that something you want to support in stable-security? I think there's a couple of questions to answer: 1) is there any point in deploying a virus scanner with outdated definitions? Not in my opinion. 2) is volatile well known enough that everyone installing a virus scanner with debian is using the version in volatile? Sadly, no. We still get people using the version shipped in etch on #clamav and the clamav-users list, although the numbers are going down over time. I'm hoping that the lenny release will help, as volatile is more likely to end up in people's sources.list. I'm right now in the process of preparing an upload of clamav 0.95rc1; as such, the question is: where to upload to? unstable? volatile? Any of the other queues? Thanks, Michael pgpoYS9z0ksFY.pgp Description: PGP signature
Re: [Secure-testing-team] Security support for volatile?
On Fri, Mar 13, 2009 at 12:37:35PM +0100, Michael Tautschnig wrote: I'm right now in the process of preparing an upload of clamav 0.95rc1; as such, the question is: where to upload to? unstable? volatile? Any of the other queues? Maybe I'm not quite clear on the concept of volatile, but I would have thought both. One built against stable goes to volatile, the other goes to unstable. Cheers, Tom -- The opossum is a very sophisticated animal. It doesn't even get up until 5 or 6 PM. signature.asc Description: Digital signature
Re: [Secure-testing-team] Security support for volatile?
* Tom Furie: On Fri, Mar 13, 2009 at 12:37:35PM +0100, Michael Tautschnig wrote: I'm right now in the process of preparing an upload of clamav 0.95rc1; as such, the question is: where to upload to? unstable? volatile? Any of the other queues? Maybe I'm not quite clear on the concept of volatile, but I would have thought both. One built against stable goes to volatile, the other goes to unstable. Yes, this is the correct approach in principle, but I don't think release candidates should be uploaded to volatile. But I can't speak for debian-volatile, really. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [Secure-testing-team] Security support for volatile?
* Luk Claes: Currently the security support for the volatile archive is supposed to be taken care of by the uploaders of the respective packages. I think it would make sense to have someone or a team tracking security issues for volatile. What do you think? Is anyone up to providing such issue tracking for volatile? On 22.02.09 22:06, Florian Weimer wrote: For ClamAV and ClamAV-derived packages, I'd prefer to see uploads of new upstream versions to stable-security or stable-proposed-updates (that is, remove it from volatile). May I know why? I think that volatile is exactly the place where they should be. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)dvertising (M)ethod -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [Secure-testing-team] Security support for volatile?
* Luk Claes: Currently the security support for the volatile archive is supposed to be taken care of by the uploaders of the respective packages. I think it would make sense to have someone or a team tracking security issues for volatile. What do you think? Is anyone up to providing such issue tracking for volatile? For ClamAV and ClamAV-derived packages, I'd prefer to see uploads of new upstream versions to stable-security or stable-proposed-updates (that is, remove it from volatile). -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org