Is their an ETA or any information one when the next official stable release will take place.
Now it's not fully disclosed, but there is an implied vulnerability, either with <=1.3.3 or just 1.3.3. Which it's recommended to use 1.3.3.1 per http://secunia.com/advisories/26316/ That caused the following bug on Gentoo http://bugs.gentoo.org/show_bug.cgi?id=188638 Can someone clarify if that effects <=1.3.3 or just 1.3.x? Is 1.2.6 effected by the vulnerability? Now 1.3.3.1 comes with it's own problems, 100% cpu usage. Then there are other "releases" happening else where or something? Which those seem to be crashing and have other issues. Not really official, site is never updated or reflects the >1.3.3.1 releases. As a system administrator running ASSP for the past 1200+ days consecutively on several product mail servers. I have never had problems like the present. Not a single security issue to my knowledge aside from some path traversal stuff we addressed via a patch. After it was refused by upstream. Now with all the issues and instability. Really starting to question the direction of the project a bit and it's rather sad. If I have to get involved I will, but perl is not really my thing. That being said I am doing my part downstream packaging and making it easy for others to install and use ASSP. Unfortunately this volunteer tasks is becoming daunting. There are lots of unofficial release. Way to many for me to package due to how we have to patch things. Since ASSP config files do NOT support absolute paths. It expects everything to be under $BASE, which is not FHS compliant for any *nix system. We try to adhere to FHS when packaging applications on Gentoo. Presently I am left with the following. http://bugs.gentoo.org/show_bug.cgi?id=191727 Please help. I am not here looking to bitch or whine. I don't want to create extra work for you all, and surely don't want any more myself. That being said this is all open source and happening in the public. If you all are professionals with a reputation at stake. Might want to up the QA a bit before doing releases. I know Fritz and others have been putting in hard work. I very much appreciate and use allot of the newer features. That made an already effective ASSP even more so, with features like PB, Delaying, etc. That said, doesn't look good to have the following on the main site :) "ASSP 1.3.3.1 is ready for download from the Sourceforge site! This release is packed with new features and enhancements, so many that we skipped a version number and combined them into 1.3.3! Fritz and crew have put a lot of hard work into this one and it shows." Presently it's showing allot of problems and lack of QA before release. Effecting many, in a project where this has never really happened before in the past 3+ years. So credit is a double edged sword in the FOSS world. And most times, your damned either way, never credited for the good. If credit or etc is what FOSS developers are after, likely in the wrong field :) Thus no goodzilla, just bugzilla. No way to report the good only the bad :) -- William L. Thomson Jr. Gentoo/Java
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
