[BBLISA] Unix package management

Toby Burress kurin at delete.org
Fri Apr 16 20:33:29 EDT 2010


On Fri, Apr 16, 2010 at 07:58:47PM -0400, Edward Ned Harvey wrote:
> My opinion is that it's neither fault.  It's acknowledged whenever you apply
> updates, there is some risk that accompanies any change management.
> However, it's assumed that the risk is higher without the updates.
> 
> Just like getting vaccines.  They hand you a sheet of paper at the doctor's
> office with a picture of a girl smiling in a green field and arms
> outstretched toward the sky and basking in the sun.  The words say "vaccines
> can cause harm and even death, but the benefits outweigh the risks."
> 
> Stuff happens.  You deal with it.  You have backups if needed.  The fact
> that you're paying attention, applying updates, and actively working to
> handle it when something goes wrong is evidence that you're doing the right
> stuff.

Oh, well, what I was annoyed at wasn't that applying a patch broke
something (it didn't), but that Debian lenny by default wasn't (and isn't)
distributing software released recently enough to deal with ClamAV's
virus updates.

In this case, it was the actual virus definition file (which is updated
pretty much daily) that changed.  ClamAV told the world that they were
going to start using a new format incompatible with 0.94 and older and,
sure enough, they did.  However, from the talk on debian-security,
it looks like the security officers didn't want to move lenny to 0.95.
I'm not sure why, because now 0.94 is useless to pretty much everybody,
so what's the point?

However, it looks like I'm certainly not the only one to get bitten by
this.  The channel topic in #freebsdhelp on efnet right now is (pardon me)
"FUCK CLAM-AV IN THE ASS".  It's not hard to figure out where they place
the blame, I guess.


