Victor Duchovni put forth on 12/1/2010 3:41 PM:
> On Wed, Dec 01, 2010 at 03:11:12PM -0600, Stan Hoeppner wrote:
>
>> Victor Duchovni put forth on 12/1/2010 2:28 PM:
>>> On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
>>>
>>>> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
>>>
>>> May as well use 2.7.2.
>>
>> The OP sticks to Debian Stable and Backports packages Viktor, as I do.
>> We've waited almost 2 years for something newer than 2.5.5. Unless
>> there are security issues (which Postfix never suffers) then the next
>> backport we'll likely see is 2.8.x some weeks or months after Wietse
>> officially releases it--this coming directly from the mouth (fingers) of
>> the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
>> him of a few days ago.
>
> It would be unwise of LaMont or Debian, having selected a particular
> Postfix 2.x release (say 2.7) to not track the patch updates from time to
> time. I understand that Debian stable or backports won't switch from 2.7
> to 2.8 any time soon, but they should integrate patches in a reasonably
> timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
> have the changes below. They are not "critical", but O/S distributions
> still need to not sit on bug-fixes too long...

I'm not exactly sure how, or if, this is handled. I don't recall seeing
any updates to 2.5.5-1.1, security or otherwise, since Lenny was released
in Feb 2009. Maybe I don't have the correct set of apt sources
configured? Unlikely but possible I guess.

I absolutely agree it would be preferable for the user base to get these
bug fixes, and preferably in a timely manner. I could very well be wrong
here, but AFAIK, there have been zero updates to Lenny Postfix 2.5.5-1.1
since Lenny was released. And if not for the Backports effort, we'd not
have 2.7.1, and still be stuck with unpatched 2.5.5-1.1.

Would it be appropriate for you or Wietse to fire off a kind note to
Lamont simply inquiring about Postfix version/bug fix support in Debian
Stable/Backports? The community recently voted to keep the 2 year (gasp)
release cycle. If they're not going to even bug fix Postfix for a two
year period, that may be worth having at least a short discussion with
the maintainer about. Now that they absorbed the Backports project this
situation may change a bit, although that's merely speculation.

As I may have stated before, Dovecot has seen multiple Backport releases
recently due to bug fixes. Postfix doesn't seem to be getting any
attention at all. This is a shame because Debian is a great stable OS,
and from what I gather, Postfix atop it is very popular.

lamont at debian.org

--
Stan

> 20100610
>
> Bugfix (introduced Postfix 2.2): Postfix no longer appends
> the system default CA certificates to the lists specified
> with *_tls_CAfile or with *_tls_CApath. This prevents
> third-party certificates from getting mail relay permission
> with the permit_tls_all_clientcerts feature. Unfortunately
> this may cause compatibility problems with configurations
> that rely on certificate verification for other purposes.
> To get the old behavior, specify "tls_append_default_CA =
> yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
> global/mail_params.h. proto/postconf.proto, mantools/postlink.
>
> 20100714
>
> Compatibility with Postfix < 2.3: fix 20061207 was incomplete
> (undoing the change to bounce instead of defer after
> pipe-to-command delivery fails with a signal). Fix by Thomas
> Arnett. File: global/pipe_command.c.
>
> 20100727
>
> Bugfix: the milter_header_checks parser provided only the
> actions that change the message flow (reject, filter,
> discard, redirect) but disabled the non-flow actions (warn,
> replace, prepend, ignore, dunno, ok). File:
> cleanup/cleanup_milter.c.
>
> 20100827
>
> Performance: fix for poor smtpd_proxy_filter TCP performance
> over loopback (127.0.0.1) connections. Problem reported by
> Mark Martinec. Files: smtpd/smtpd_proxy.c.
>
> 20101023
>
> Cleanup: don't apply reject_rhsbl_helo to non-domain forms
> such as network addresses. This would cause false positives
> with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
>
> 20101117
>
> Bugfix: the "421" reply after Milter error was overruled
> by Postfix 1.1 code that replied with "503" for RFC 2821
> compliance. We now make an exception for "final" replies,
> as permitted by RFC. Solution by Victor Duchovni. File:
> smtpd/smtpd.c.
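
A configuration check for the 20100610 entry quoted above, as an added example that is not part of the original message or of Postfix itself: it parses main.cf text and lists the parameters that use permit_tls_all_clientcerts while "tls_append_default_CA = yes" restores the old behavior. The sample configuration, its file path and the function names are constructed for illustration.

```python
import re

# Constructed sample main.cf; the paths are placeholders, not from the thread.
SAMPLE_MAIN_CF = """\
smtpd_tls_CAfile = /etc/postfix/private-ca.pem
smtpd_tls_ask_ccert = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    # any verified client certificate may relay
    permit_tls_all_clientcerts,
    reject_unauth_destination
tls_append_default_CA = yes
"""

TOKEN = "permit_tls_all_clientcerts"


def parse_main_cf(text):
    """Return {name: value}, honouring comments and continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a logical line
        if line[0].isspace() and current is not None:
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        current = name.strip() if sep else None
        if sep:
            params[current] = value.strip()  # a later definition wins
    return params


def audit(text):
    """List parameters that grant access to any verified client certificate
    while the system default CAs are appended to the trusted list."""
    params = parse_main_cf(text)
    if params.get("tls_append_default_CA", "no").lower() != "yes":
        return []
    return sorted(name for name, value in params.items()
                  if TOKEN in re.split(r"[,\s]+", value))


if __name__ == "__main__":
    for name in audit(SAMPLE_MAIN_CF):
        print(f"{name}: {TOKEN} with tls_append_default_CA = yes; "
              "certificates from system default CAs can get relay permission")
```

On a live system the same text can be taken from the output of `postconf -n` instead of reading main.cf directly.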