Thanks for informations,

I understand that it is not the good ML for this message, but I take the
opportunity:

Guys, I use trie lite database for my prod. You remove from a day to the
next day without warning users nor providing serious replacement solution.
That’s absolutely not professional.

Thierry


> On 19 Jul 2017, at 09:27, Willy Tarreau <[email protected]> wrote:
> 
> On Wed, Jul 19, 2017 at 08:55:09AM +0200, Florian Tham wrote:
>> Same problem here. It seems 51degrees close-sourced the trie
>> algorithm, see 
>> https://github.com/51Degrees/Device-Detection/blob/master/data/TRIE.txt:
>> 
>> "The 51Degrees 'trie' algorithm is not open source and is only made
>> available through a proprietary license.".
>> 
>> The github repo history has been rewritten. There are now only 2
>> commits in master, "Initial commit" dating from 2017-06-27.
> 
> Pffff... Guys, you broke all the stable series *AGAIN* ? So let me check,
> that also means that branch 3.2.5 documented as being necessary to build
> 1.6 was removed as well! Good! I prefer to imagine it's a mistake, but
> anyway it is totally unprofessional and simply shows how much you care
> about your users.
> 
> So in the end, haproxy 1.6 and 1.7 users who are relying on your lib
> simply cannot upgrade to latest haproxy security fixes simply because
> you unilateraly broke your library again, preventing them from building
> an updated version!
> 
>> Building haproxy with the pattern algorithm still works. I wonder how long :(
> 
> I agree, we cannot trust such an external component at all with such a
> track record, it's the second time it happens :-(
> 
> I just found a fork of the github repo here which I think could possibly
> work, it even contains the v3.2.5 branch :
> 
>    https://github.com/aerendil/device-detection-nginx-fix
> 
> It would be a good idea to clone it before it disappears.
> 
> Now if there is no sign of a quick fix for this situation which puts our
> users at risk again, I think the only option will be to definitely remove
> and blacklist this code from haproxy. It will still piss off all of its
> users but they were already betrayed twice. However it will limit the
> risk of making new victims.
> 
> I can't believe it....
> 
> Willy
> 


Reply via email to