Control: tags -1 confirmed moreinfo Hi Noah,
On Thu, Apr 15, 2021 at 11:52:39AM -0700, Noah Meyerhans wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > (I sent a similar message to debian-release recently, but am opening a > bug under the expectation that the post will get lost in the noise.) > > There are a few issues in spamassassin that need to be addressed prior to > the bullseye release, and I'd like to discuss the best path forward. > > Bullseye currently contains version 3.4.5~pre1-3, which is based on a > pre-release of the 3.4.5 upstream release. Upstream released 3.4.5 during > the bullseye freeze, and followed up immediately with a 3.4.6 to fix two > regressions [1] [2] that were not caught in testing. The regressions are > already present in 3.4.5~pre-3, so we'll need some form of an update. > > I'd also like to include the fix for [3], which breaks installation in some > (uncommon) scenarios. The fix is small and should be low-risk. > > These are all pretty clearly issues that need to get fixed. What I'm > specifically interested in discussing, though, is the various upstream > commits between the 3.4.5-pre1 release and 3.4.5-final. There are 37 > commits in this set, involved in fixing 10 upstream bugs. As most of these > bugs involve miscategorization of processed email, leaving them unfixed can > potentially lead to data loss. > > I've compiled a list of the upstream bugs fixed in their 3.4 branch at [4]. > > Most of the rest of the changes have to do with release administrivia > and housekeeping (svn branch management, updating the Apache logo, > updating version strings, spelling corrections, etc). > > If it was completely up to me, I'd want 3.4.6-1 released with bullseye. > It will be better supported by upstream and contains all the relevant > bug fixes. IMO it's less likely to introduce any new regressions than a > 3.4.5-pre1-4 with relevant changes pulled back from upstream's svn. > However, it's late in the freeze and I fully understand the policy wrt > to new upstream releases. > > The alternative is that we update to a 3.4.5~pre1-4 that cherry-picks > only the specific commits targeting the bugs I'd like to fix. This > will definitely result in a smaller debdiff, but would still carry a > comparable level of risk due to the cherry-picked changes being most > of the actual code changes introduced upstream. > > The debdiff for 3.4.6-1 is at [5]. The debdiff for 3.4.5~pre1-4 is at > [6]. I suggest you upload 3.4.5~pre1-4 to unstable and 3.4.6-1 to experimental. I haven't looked at 3.4.5~pre1-4 in detail yet, but I suspect it will be fine. Once it migrates, we can look at 3.4.6-1 again, and by then, the upload to experimental will at least show us obvious issues in the builds or the ci. Please remove the moreinfo tag from this bug when 3.4.5~pre1-4 (or something similar) is ready to migrate. Thanks, Ivo
