Quoting Simon Hobson <li...@thehobsons.co.uk>:
OK, how's this then. 9.5.3 (IIRC) came out about the time the notice
was published.
And handles the signature, so it doesn't matter.
It costs virtually nothing to add an extra DNS entry,
You don't know what it costs others to setup a DNS entry. Or to run
two signature repositories. Or to deal with support requests for two
different repos and sites.
and the release could have had the default server URL changed for
Freshclam to fetch updates.
No need to. Only needed with 0.96.
it wouldn't even have been a great issue to have a 9.5.4 just for
that - and of course the change would be quite prominent in the
release notes then as well.
Again, you don't know the costs associated with another release.
According to the arguments made in support, all
responsible/competent admins would have been running this or a later
version by the time support for <9.5 was dropped. On that basis, no
responsible/competent admin would have been affected by removing the
DNS entry used by the older versions.
Sure they would be affected... Not by a shutdown of clamd maybe, but
they would surely be affected.
Of course, all this would have a prominent entry, not just on the
ClanAV homepage, but also on the FAQ page whose URL appears in the
freshclam logs.
Yeah, we've already covered that this should have been in the FAQ
and wasn't. Point taken.
Come cutoff date, support is dropped for older versions, but they
will continue to run.
And people are left with a false sense of security. And sourcefire is
left to handle all the support issues of people claiming that their
product doesn't work since it doesn't catch the viruses it claims to.
And all the service requests for why freshclam isn't updating. And
so on.
So probably even less work than fashioning the poison pill update.
Since it would no doubt be spread over a longer period of time, and
since it requires more work upfront, it would be more work/time/effort
for them.
Less collateral damage. And these threads would have died several
days ago with a "oh, so that's it" !
Nope. Different (less severe) collateral damage, and different threads
over a longer period of time.
No parallel signature system at all, in fact no changes at all other
than a slight change to a DNS entry.
Not so. You even proposed a new release above, not to mention documentation
changes, etc. So yes, changes...
But it is true you _could_ get away without the parallel system, and that
would reduce (not eliminate) the burden on sourcefire.
But I can see how this would be rejected by those who appear
religious attitude to there being "only one true way" to run a server.
This is off topic...
The biggest problem with this suggestion is that it came after the fact,
so it isn't a useful suggestion. No one bothered to offer this advice
before the change was made.
Well, if I'd known, I could have suggested the above ! And I
probably would have, even if I'd not been running affected software.
If any project I *am* involved with suggested such a thing then I
would speak up on that.
But you are involved in this project. And they did suggest it. So,
from my point of view, you (and I for that matter) were not sufficiently
involved is all... The blame therefore rests with us as much as with
sourcefire.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
