This one time, at band camp, Jim Popovitch said: > On Mon, 2007-07-23 at 15:37 +0100, Stephen Gran wrote: > > Then, as I have before, I'll fix the product for volatile myself. The > > simplest fix for avscan is to disable a whole swath of functionality in > > avscan, so I'd rather not take the simple approach. > > I can appreciate that. What I haven't seen/heard is whether or not the > avscan folks have even started on an approach. I did say that I was talking to them and they are working on a fix, but maybe it got missed. > > If the resolution is going to take more than a short while, I can do a > > targetted fix to resolve the DoS present in 0.91. > > Are we talking about waiting 1 day, 1 week, 1 month, or 1 year on the > avscan folks? More than a day, but less than a week. > Yes, at some point I do believe it is OK to break systems that depend on > other software that isn't maintained in a timely fashion. Is it OK with > you to leave a DoS app in production while a less used application waits > for an unspecified amount of time to be fixed. Interestingly enough > Amavis and other ClamAV dependent applications don't suffer from those > nuances. Sorry, but this really isn't how my understanding of stable, security, or volatile works. If you are OK with upgrades on a stable system breaking software, we might have different ideas about what 'stable' means. This one time, at band camp, paddy@panici.net said: > On Mon, Jul 23, 2007 at 04:13:18PM +0000, paddy@panici.net wrote: > > > > Can the new clam packages conflict against an avscan version that > > hasn't been released yet but will have the fix in it ? > > sorry, > > conflict against versions *prior to* an as-yet-unreleased fixed version If avscan was for some reason your mission critical app, would that be a good solution for you? It's a fallback possibility, yes, but one I'd like to use as a last resort. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature