[Bug 385567] Re: 8.04 security update breaks configuration
Ubuntu 8.04 LTS is EOL. Is there still a problem. Can we close this bug? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/385567 Title: 8.04 security update breaks configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dansguardian/+bug/385567/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 385567] Re: 8.04 security update breaks configuration
** Changed in: dansguardian (Ubuntu) Status: Incomplete = Invalid ** Changed in: dansguardian (Ubuntu) Status: Invalid = Won't Fix ** Changed in: dansguardian (Ubuntu) Assignee: Scott Kitterman (kitterman) = (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/385567 Title: 8.04 security update breaks configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dansguardian/+bug/385567/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 385567] Re: 8.04 security update breaks configuration
Security team really dropped the ball here. The whole Download Manager is missing from the previous configuration. There should have been a big warning on upgrading this package to identify the problems with the configuration files. I agree with the original poster, security fixes should not introduce new functionality. -- 8.04 security update breaks configuration https://bugs.launchpad.net/bugs/385567 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 385567] Re: 8.04 security update breaks configuration
My understanding is that the OP reviewed the upgrade process and was offered a chance to review the configuration changes, so I'm not sure what more you want? -- 8.04 security update breaks configuration https://bugs.launchpad.net/bugs/385567 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 385567] Re: 8.04 security update breaks configuration
How about a .config and .template something like this: .template Template: dg/bigwarning Description: WARNING: Incompatible configuration changes: The upgrade from DG 2.8.0 to DG 2.9 has several configuration file changes that are not compatible with DG 2.8 .config db_get dg/bigwarning Or something like that. -- 8.04 security update breaks configuration https://bugs.launchpad.net/bugs/385567 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 385567] Re: 8.04 security update breaks configuration
clamav 0.95 and another dansguardian update are currently in hardy-backports. When we get a significant security issue to deal with we'll probably update clamav to the new version. This will necessarily drive another round of updates for the libclamav reverse dependencies. It would be useful if one of you could test it and see if it also might benifit from a similar warning. -- 8.04 security update breaks configuration https://bugs.launchpad.net/bugs/385567 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 385567] Re: 8.04 security update breaks configuration
It's not a question of impossible, but of scalability and ability to find newer virii. The signature updates help, but it's necessary to move to the later version to detect all the threats. We do treat clamav and it's reverse dependencies a bit differently as a result. https://wiki.ubuntu.com/ClamavUpdates describes what we are doing. I'm interested in suggestions on what could be done to improve the situation. -- 8.04 security update breaks configuration https://bugs.launchpad.net/bugs/385567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 385567] Re: 8.04 security update breaks configuration
** Changed in: dansguardian (Ubuntu) Status: New = Incomplete ** Changed in: dansguardian (Ubuntu) Assignee: (unassigned) = Scott Kitterman (kitterman) -- 8.04 security update breaks configuration https://bugs.launchpad.net/bugs/385567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 385567] Re: 8.04 security update breaks configuration
Hello, I've re-run the update on a virtual machine to see what would go wrong. I can say the update process did not go wrong per se. It asked me what files i wanted to replace, so i told it to replace all the .conf files. It did, so of course i removed the line UNCONFIGURED in dansguardian.conf and it could start. The update process is OK. It's the mere fact that there's such an important update in security repositories that caught my attention. Here's the situation here : i've got 25 dansguardian installations, which synchronise their configuration files (along with blacklists) from a master dansguardian installation. All previous installations were 2.8. When a new installation was done (i.e. my customised CD shipping dansguardian) on a new server, security patches were applied at installation so 2.9 was installed, then it synchronised and it got 2.8 configuration files. New installation was broken. Also if a current installation is updated, config files are replaced and future synchronisations, baised on .diff files, will probably fail. I know the synchronisation process isn't so smart. That's because i assumed no such big update would hit the security repositories. A security update which changes features can harm production environments; that was the situation here. I was unaware of the needed update of libclamav; I understand the dilemna, there were 2 possible choices and none of it were perfect, so it was decided to go for the most secure one. I guess it was impossible to patch libclamav3 instead of updating to libclamav5? -- 8.04 security update breaks configuration https://bugs.launchpad.net/bugs/385567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs