George Kasica wrote: > In any case its a past event and something to keep in mind next time > probably.
Hi George, thanks for sharing your thoughts and sorry for any trouble we might have caused. There are just a copuple of things I'd like to add. The bzip bug was circulating among all the involved parties for a month or more. Additionally the original disclosure date was shifted ahead by two weeks. In such a scenario, I'd personally expect that distro packages are all ready but kept on hold until the disclosure date. Now, even if that wasn't the case, I think it's quite unreasonable to suggest that we (3 developers) hunt down each and every distro maintainer to ack their schedules. As I see it the process is the other way around. In fact there is a clamav mailing list explicitly dedicated to package maintainers where we post the to-be-released tarball some (admittedly small) time in advance. Anyone willing to coordinate or ask for a delay can certainly do through this channel. If it wasn't a security release we would certainly have gone with an RC... which certainly would have mitigated most of the issues. Cheers, -aCaB _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
