On Mon, Jul 23, 2007 at 03:37:53PM +0100, Stephen Gran wrote: <snip> > If the resolution is going to take more than a short while, I can do a > targetted fix to resolve the DoS present in 0.91. It is a two line > patch that fixes a bug that does not allow for code execution, so it is > hardly a critical update. New upstream versions are not, by their very > nature, "critical updates" in my mind, sorry. There are some nice > feature fixes in 0.91.1 over 0.91, but none of them so important as to > warrant hyperbole. If the security issues addressed in the latest > release were more severe, I would have already coordinated a volatile > security point release, as I have already done for stable and testing.
On Mon, Jul 23, 2007 at 05:29:11PM +0100, Stephen Gran wrote: > > This one time, at band camp, [EMAIL PROTECTED] said: > > On Mon, Jul 23, 2007 at 04:13:18PM +0000, [EMAIL PROTECTED] wrote: > > > > > > Can the new clam packages conflict against an avscan version that > > > hasn't been released yet but will have the fix in it ? > > > > sorry, > > > > conflict against versions *prior to* an as-yet-unreleased fixed version > > If avscan was for some reason your mission critical app, would that be a > good solution for you? It's a fallback possibility, yes, but one I'd > like to use as a last resort. Stephen, apologies, I had skimmed parts of the thread. It is the top passage which I wish I read more slowly: you have considered this. Indeed, I am sure avscan users will be very grateful that you took the time you did to discover this problem in the first place, and the proof of the pudding is right there. I recall there being some wish to define volatile as being a place that would not 'drag in' dependencies. Personally, I never felt confident to try to make an abstract judgement about that ahead of time (leaning towards the belief that it might sometimes be the best option), but if I understand the situation with avscan then perhaps that issue arises here ? Regards, Paddy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
