Re: Updating scanners and filters in Debian stable (3.1)
On Tue, Sep 14, 2004 at 07:23:48PM +0100, Steve Kemp wrote:
> On Tue, Sep 14, 2004 at 07:51:36PM +0200, Johannes Rohr wrote:
>
> > Maybe not as likely as loosing the web location that holds the
> > information. I thought about using my current web space. But that is a
> > free service which could be discontinued at any time. Therefore I'd
> > prefer updating stable in case of changes introduced by the vendor.
>
> Rather than using a free space, it sounds like it's an ideal use
> for Alioth. That provides a hopefully-stable location which has
> official Debian support and control.
>
Uhm, trusting a so opened machine about this kind of
security-concerned updates is not a great idea.
> If there were a project registered for either the package
> or just the updates it provides a simple mechanism where others
> could perform updates too.
>
> > Additionally, there might be changes that cannot be caught by keeping an
> > extra bit of information at some Internet location: In the past, Frisk
> > Software replaced the shell script they used formerly for updating virus
> > definitions, by a perl script which introduced a depencency on several
> > perl modules.
>
> This is the kind of thing that I see as being more of a problem.
>
> In the past updates to some software has required updated engines
> in addition to updated rulesets. (I think snort has suffered from
> this, as an example).
>
> The only sane way of handling this I think has got to be
> essentially backporting the whole program against the stable
> release and releasing a new package. This is suboptimal in
> the sense that it does require any dependencies to be included
> in stable, and it bypasses the stable release mechanism, unless
> it could be quickly rolled into an update to stable.
>
I think it's simply preferrable having those stuff off-stable.
Users MUST know that they are on their own with this kind of
software which require a short release cycle.
--
Francesco P. Lovergine
Reply to: