Re: Updating scanners and filters in Debian stable (3.1)

[Steve Kemp <skx@debian.org>]

On Tue, Sep 14, 2004 at 07:51:36PM +0200, Johannes Rohr wrote:

> Maybe not as likely as loosing the web location that holds the 
> information. I thought about using my current web space. But that is a 
> free service which could be discontinued at any time. Therefore I'd 
> prefer updating stable in case of changes introduced by the vendor.

  Rather than using a free space, it sounds like it's an ideal use
 for Alioth.  That provides a hopefully-stable location which has
 official Debian support and control.

  If there were a project registered for either the package
 or just the updates it provides a simple mechanism where others 
 could perform updates too.

> Additionally, there might be changes that cannot be caught by keeping an 
> extra bit of information at some Internet location: In the past, Frisk 
> Software replaced the shell script they used formerly for updating virus 
> definitions, by a perl script which introduced a depencency on several 
> perl modules.

  This is the kind of thing that I see as being more of a problem.

  In the past updates to some software has required updated engines
 in addition to updated rulesets.  (I think snort has suffered from
 this, as an example).

  The only sane way of handling this I think has got to be 
 essentially backporting the whole program against the stable
 release and releasing a new package.  This is suboptimal in
 the sense that it does require any dependencies to be included
 in stable, and it bypasses the stable release mechanism, unless
 it could be quickly rolled into an update to stable.

Steve
--