On Wed, 13 Feb 2008, Stephen Gran wrote: > > Thank you for the announcement. > > Will this become effective immediately ? > > What this announcement means is that volatile.debian.org has stopped > supporting sarge. Regular security support from security.debian.org > will continue as before.
OK, but since e.g. clamav or spamassassin are 'frozen in sarge' and after having installed newer versions via volatile to keep them usable, the next security-fix (without volatile) means downgrading to the last sarge-frozen package. So after next security-problem (by the way just a day or two ago clamav announced such a fix) you'll be simply FORCED to upgrade to etch or loose functionality i.e the virus-scanner-engine. Wasn't such a situation just the definition of a 'CATCH22'? Without 'etch' you're lost for security-reasons either way, either you'll compromise the server by keeping insecure software, or the users by insecure working of the older software. So the question, 'when is the exact deadline' might be VERY interesting (it might even come to late for clamav though, I just dropped clamav from the old sarge server and have to use another filter -- just luck, that we have one)... Stucki
