2021-04-15 19:00:02 UTC
(I sent a similar message to debian-release recently, but am opening a
bug under the expectation that the post will get lost in the noise.)
There are a few issues in spamassassin that need to be addressed prior to
the bullseye release, and I'd like to discuss the best path forward.
Bullseye currently contains version 3.4.5~pre1-3, which is based on a
pre-release of the 3.4.5 upstream release. Upstream released 3.4.5 during
the bullseye freeze, and followed up immediately with a 3.4.6 to fix two
regressions   that were not caught in testing. The regressions are
already present in 3.4.5~pre-3, so we'll need some form of an update.
I'd also like to include the fix for , which breaks installation in some
(uncommon) scenarios. The fix is small and should be low-risk.
These are all pretty clearly issues that need to get fixed. What I'm
specifically interested in discussing, though, is the various upstream
commits between the 3.4.5-pre1 release and 3.4.5-final. There are 37
commits in this set, involved in fixing 10 upstream bugs. As most of these
bugs involve miscategorization of processed email, leaving them unfixed can
potentially lead to data loss.
I've compiled a list of the upstream bugs fixed in their 3.4 branch at .
Most of the rest of the changes have to do with release administrivia
and housekeeping (svn branch management, updating the Apache logo,
updating version strings, spelling corrections, etc).
If it was completely up to me, I'd want 3.4.6-1 released with bullseye.
It will be better supported by upstream and contains all the relevant
bug fixes. IMO it's less likely to introduce any new regressions than a
3.4.5-pre1-4 with relevant changes pulled back from upstream's svn.
However, it's late in the freeze and I fully understand the policy wrt
to new upstream releases.
The alternative is that we update to a 3.4.5~pre1-4 that cherry-picks
only the specific commits targeting the bugs I'd like to fix. This
will definitely result in a smaller debdiff, but would still carry a
comparable level of risk due to the cherry-picked changes being most
of the actual code changes introduced upstream.
The debdiff for 3.4.6-1 is at . The debdiff for 3.4.5~pre1-4 is at
Let me know how you'd like to proceed.