Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Security-Discuss] Re: [Security Announce] MDKSA-2005:113 - Updated clamav packages fix vulnerability
From: Simon Oosthoek (simonmargo.student.utwente.nl)
Date: Tue Jul 12 2005 - 09:58:48 CDT
On Tue, Jul 12, 2005 at 08:51:10AM -0600, Vincent Danen wrote:
> On 12-Jul-05, at 12:17 AM, Simon Oosthoek wrote:
> >> Mandrakelinux 10.1:
> >> d1a61855ca50e53018e5c65ef380d8dd 10.1/RPMS/
> >wouldn't it make sense in the case of this package, to update to
> >the latest
> >stable version?
> >Clamav complains about being too old and actually lacks
> >functionality when
> >older versions are used...
> >Just a thought.
> Thanks for the thought, but no. It actually wouldn't make sense. We
> have an established policy that has been noted many *many* times that
> we patch packages rather than update to the latest and greatest so as
> to prevent regressions or rebuilds in other packages that require
> what we're updating.
Obviously, I'm questioning the validity of the policy ;-)
Seriously, things changed when clamav was taken from contrib and put into
main. I'm sure most policies develop exceptions as the world changes from
what it was at the time the policy was defined to what it is now.
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
Join the Club : http://www.mandrivaclub.com