Eric Rostetter wrote:
Faced with an old release of software that will die if the team uses
new functionality due to a known bug, and people who will not upgrade
to the version that fixes this bug, and a reasonably urgent need to use
the new functionality, what exactly would you have done differently?
They have already answered this. They would force sourcefire/clamav
to spend lots of time, money, and effort to setup a parallel signature
system; one for older versions, one for newer systems. They seem to
have no qualm with the idea of making sourcefire/clamav pay this price
so they can use the results free of charge...
OK, how's this then. 9.5.3 (IIRC) came out about the time the notice
was published. It costs virtually nothing to add an extra DNS entry,
and the release could have had the default server URL changed for
Freshclam to fetch updates. it wouldn't even have been a great issue
to have a 9.5.4 just for that - and of course the change would be
quite prominent in the release notes then as well.
According to the arguments made in support, all responsible/competent
admins would have been running this or a later version by the time
support for <9.5 was dropped. On that basis, no responsible/competent
admin would have been affected by removing the DNS entry used by the
older versions. Even if someone was still running a 9,5 version
earlier than the one with the update, it would be one tiny change in
freshclam.conf to fix it.
Of course, all this would have a prominent entry, not just on the
ClanAV homepage, but also on the FAQ page whose URL appears in the
freshclam logs.
Come cutoff date, support is dropped for older versions, but they
will continue to run. It will not be silent, as freshclam will
complain several times a day that it can't get updates. This is a lot
different to mentioning in passing that your version isn't current
and you might consider upgrading.
So probably even less work than fashioning the poison pill update.
Less collateral damage. And these threads would have died several
days ago with a "oh, so that's it" !
No parallel signature system at all, in fact no changes at all other
than a slight change to a DNS entry.
But I can see how this would be rejected by those who appear
religious attitude to there being "only one true way" to run a server.
The biggest problem with this suggestion is that it came after the fact,
so it isn't a useful suggestion. No one bothered to offer this advice
before the change was made.
Well, if I'd known, I could have suggested the above ! And I probably
would have, even if I'd not been running affected software. If any
project I *am* involved with suggested such a thing then I would
speak up on that.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
