> On Thu, Nov 08, 2007 at 07:36:24PM +0100, Simon Matter wrote: > >> It may not be worth for you to worry about it but it is worth for me and >> maybe also for Ken. People using my RPMs expect things to work. And >> people >> do use it on affected systems and they fill my mailbox or the list with >> complaints if Cyrus segfaults for them. > > People using RPMs can just install the security updates just as easily > as a new Cyrus RPM. The Red Hat advisory said a patch is available even > for Red Hat 7.1; are you still actively maintaining packages for Red Hat > 6.x? > > And what is better? Hiding the problem under the carpet, or saying "See, > you have a security bug that is known for 4 years. If you have a bug > that old you probably have lots of other unfixed security bugs as well. > Go fix your system!". If you do care about the users, you should educate > them to always install security updates. Hi Gabor, Before it gets too OT, of course I understand your point but I still prefer a clean solution. Since work has to be done on the issue anyways for *BSD's, I'm quite sure the glibc issue can also be solved at the same time. Simon ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
