Second case study when a customer has a policy of just installing security updates on #linux and it screws up things eventually.

clamav-freshclam was updated last year to support https URLs and fix a few other bugs exposed when using private mirrors.

It's *not* a security update, so it's not installed, so the whole mirroring process is broken.

Earlier I had the same with GeoIP libraries, which aren't "security" update either but they impact security significantly.