cyrus-imapd-2.2: New upstream version available
Henrique de Moraes Holschuh
hmh at debian.org
Fri Sep 11 22:58:37 UTC 2009
On Fri, 11 Sep 2009, Sven Mueller wrote:
> Debian External Health System schrieb:
> > The Debian External Health Status system (a.k.a. DEHS) has found a new
> > upstream version of the package cyrus-imapd-2.2 in the unstable distribution.
> > The current package version is 2.2.13-16 and latest by upstream is 2.2.13p1.
>
> Apart from the obvious thing (the security patch), they also updated
> some of the error string handling. I don't see any security issue in
> that part of the code (old or new). However, the real question is:
>
> Should we release a 2.2.13p1-1 for unstable+squeeze?
Why not? An update is an update, bug fixes are bug fixes, and it will make
version-based security scanners a lot happier.
> Or should we only do that if/when we also update to a newer BerkeleyDB?
If we release often, we have better checkpoints to hunt down bugs. It would
be nice to know if something broke because of the new upstream, or because
of BDB, and releasing the new upstream now (without the newer BDB) would
help with that.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list