True. I'm not a C programmer, so I may be unduly concerned about the maintenance load. I'll defer to your judgement.
I do wonder if we should make a stab at switching the rust bits to using Debian packages instead of the embedded copies. If we could manage it, then any security issues in the rust libraries can be fixed in clamav with a binNMU, no upload needed. Scott K On February 25, 2023 4:11:01 PM UTC, Sebastian Andrzej Siewior <sebast...@breakpoint.cc> wrote: >On 25 February 2023 14:57:28 UTC, Scott Kitterman <deb...@kitterman.com> wrote: >>Generally favorably, but I'd rather wait for upstream to agree on it, >>otherwise it may be a patch we have to maintain forever. > >Now we maintain the tfm bits. > >>What's their reaction to the change? > >No reply so far. The first few patches from early January got the response "it >was a chaotic week, we get to it soon" and the tfm patch got no response since >I posted it last week. >Maybe you need to walk around their office and throw a stone with pull request >number written on it :-) > >> >>It's also late in the release cycle to do it (not definitely a problem, but >>calls for caution). >> >>Scott K >
