grumpybozo commented on PR #27: URL: https://github.com/apache/spamassassin/pull/27#issuecomment-4214444185
> I’d like to kindly highlight the importance of this issue.
>
> In the discussion it was mentioned that upgrading to a newer SpamAssassin version would be the preferred solution, especially considering that CentOS 7 is EOL and maintaining older versions may not be a priority. However, in reality, many production systems are still running on CentOS 7 and cannot easily upgrade.

**_That is a skill issue._** SpamAssassin can be installed and upgraded from source manually or via CPAN and work just fine on CentOS 7, given the courage to do so. It would be irresponsible for us to encourage this because it is generally UNSAFE to run CentOS 7 for an edge service that has to accept and filter arbitrary external inputs.

> Since all versions rely on updates.spamassassin.org, it would be very helpful if this already merged fix could be deployed there, so affected users can benefit from it.

The updates server serves rule updates only. There's no mechanism to distribute code fixes via the same mechanism and there will not be one as long as I'm a PMC member. It would be a fundamental security error. We do extensive manual testing of releases in keeping with ASF norms, but rules are enabled and rescored by an automated QA process to release daily, which could not be done for the code while maintaining our quality standards.
