Sergei Gerasenko wrote: > Hello everybody, > > Got a potentially previously answered question. I have spamassassin > 3.0.2-3, which is the current release with Debian. I wouldn't like to > deviate from the official package and so I'm wondering if it's > absolutely necessary to upgrade. I diffed the rules, they seem to be the > same. > Side-note.. what version of SA did you diff against?
It seems highly improbable that the rules you have are the same as those in 3.1.1. Also, even if the literal .cf files are the same, the code implements some of the rules. ALL_TRUSTED behaves considerably different between 3.0.0-3.0.4 and 3.0.5. Did debian backport the changes in the Received: parser that cause this change? All that said, you might be OK with debian's SA 3.0.2-3. While it's important to be fairly current on SA, it's not always critical to be on the latest release. You'll loose out on a little accuracy, but if staying within debian's ports is important to you it might be worth the trade-off. That's your choice to make. I myself despise distro port packages and avoid them for any package that I have a solid knowledge of that I want to update readily. I lean on distro packages for odds-and-ends utilities that I rarely change outside of security updates (bash, tar, gzip), but I go official-source for packages I'm pushing the leading edge of (SA, clamav, snort, etc). But that's my personal preference, and it's not suited to everyone.
