Thanks for informations, I understand that it is not the good ML for this message, but I take the opportunity:
Guys, I use trie lite database for my prod. You remove from a day to the next day without warning users nor providing serious replacement solution. That’s absolutely not professional. Thierry > On 19 Jul 2017, at 09:27, Willy Tarreau <[email protected]> wrote: > > On Wed, Jul 19, 2017 at 08:55:09AM +0200, Florian Tham wrote: >> Same problem here. It seems 51degrees close-sourced the trie >> algorithm, see >> https://github.com/51Degrees/Device-Detection/blob/master/data/TRIE.txt: >> >> "The 51Degrees 'trie' algorithm is not open source and is only made >> available through a proprietary license.". >> >> The github repo history has been rewritten. There are now only 2 >> commits in master, "Initial commit" dating from 2017-06-27. > > Pffff... Guys, you broke all the stable series *AGAIN* ? So let me check, > that also means that branch 3.2.5 documented as being necessary to build > 1.6 was removed as well! Good! I prefer to imagine it's a mistake, but > anyway it is totally unprofessional and simply shows how much you care > about your users. > > So in the end, haproxy 1.6 and 1.7 users who are relying on your lib > simply cannot upgrade to latest haproxy security fixes simply because > you unilateraly broke your library again, preventing them from building > an updated version! > >> Building haproxy with the pattern algorithm still works. I wonder how long :( > > I agree, we cannot trust such an external component at all with such a > track record, it's the second time it happens :-( > > I just found a fork of the github repo here which I think could possibly > work, it even contains the v3.2.5 branch : > > https://github.com/aerendil/device-detection-nginx-fix > > It would be a good idea to clone it before it disappears. > > Now if there is no sign of a quick fix for this situation which puts our > users at risk again, I think the only option will be to definitely remove > and blacklist this code from haproxy. It will still piss off all of its > users but they were already betrayed twice. However it will limit the > risk of making new victims. > > I can't believe it.... > > Willy >
