----- Message from Bill Cole
<sausers-20150...@billmail.scconsult.com> ---------
Date: Sun, 04 Apr 2021 15:16:32 -0400
From: Bill Cole <sausers-20150...@billmail.scconsult.com>
Subject: Re: Update SA on CentOS
To: users@spamassassin.apache.org
On 4 Apr 2021, at 0:19, Simon Wilson wrote:
CentOS / RHEL backport critical security fixes into the stock
versions... you lose that as soon as you go 'roll-your-own'.
Not a real feature IF you're keeping up with SA releases. Arguably
an anti-feature. Critical security fixes for SA are integrated into
minor version releases (such as in 3.4.5) and are not assured of
being backportable onto any version of SA older than the live 'HEAD'
of the development branch when the security fix is committed.
Put another way, RedHat cherry-picks code changes (security and
bugfix) that may not be fully independent of the other changes made
between releases. They may be creating versions that have subtle
breakage that no canonical release or even point-in-time development
HEAD snapshot shares.
Hi Bill,
You may be absolutely correct - I don't know. Are there documented
examples of the breaks you speak of? Running 3.4.2 on RHEL8 I'd be
interested to know.
But that does somewhat miss my point - which for the topic posted was
that understanding *exactly what the problem is* and then working out
what may address it makes more sense than jumping *first* to a
roll-your-own on an OS with a design strategy such as CentOS.
Simon.
___________
Simon Wilson
M: 0400 12 11 16
