Antidrug.cf deprecated and no longer maintained.

[Matt Kettler <mk...@evi-inc.com>]

Since a lot of people are still using antidrug.cf, I'm making a public
announcement here to clarify.

Antidrug.cf is deprecated and obsolete for all users of SpamAssassin 3.0.0 or
higher. These rules are now a part of the standard SA distribution, and any
improvements will likely happen directly in the SA project and not on the .cf file.

I may at some point in the future, if I ever have spare time again, make a new
ruleset, but it will be a separate file (ie: antidrug_post31.cf).

Unless you're using SA 2.64, remove the ruleset, as it will cover-up any future
improvements that may be contributed to the SA distribution.

If you're using a version older than 2.64, you almost certainly have a remotely
exploitable DoS vulnerability, and need to upgrade.

Re: Antidrug.cf deprecated and no longer maintained.

[Matt Kettler <mk...@evi-inc.com>]

mouss wrote:
> Matt Kettler a écrit :
> 
>>
>>
>> Ron, I understood you. What I don't understand is if that's what mouss is
>> suggesting.
>>
>> As previously said, I read mouss as suggesting I empty antidrug.cf. I
>> did not
>> read you as suggesting this.
> 
> 
> I didn't say so but had in mind:
> - antidrug.cf:  just a notice (which also provides a link to the pre30
> version)
> - a pre30 version.

No way.

That creates a problem for users of SA 2.64 who are RDJ'ing antidrug. They'd
have to actively notice that the rules are gone and re-configure their systems.

I definitely don't want to break functionality of users who are doing the right
thing. On the other hand, I'd be perfectly happy to cause errors/warnings for
users of SA 3.0.0 or higher, as they're the ones using an outdated ruleset.

Re: Antidrug.cf deprecated and no longer maintained.

[mouss <us...@free.fr>]

Matt Kettler a écrit :
> 
> 
> Ron, I understood you. What I don't understand is if that's what mouss is
> suggesting.
> 
> As previously said, I read mouss as suggesting I empty antidrug.cf. I did not
> read you as suggesting this.

I didn't say so but had in mind:
- antidrug.cf:  just a notice (which also provides a link to the pre30 
version)
- a pre30 version.

The issue I see is in the case of automated download/test/commit cases. 
but that's a general problem. a possible fix is to add a "marker" in cf 
files (such as "#Status=deprecated" or so) that scripts can read and 
issue a warning. or better yet: "oldest_version=2.2" and 
"lattest_version=3.0".

Re: Antidrug.cf deprecated and no longer maintained.

[Matt Kettler <mk...@evi-inc.com>]

Ron Johnson wrote:
> Matt Kettler writes:
> 
>>At 10:33 AM 11/30/2005, Ron Johnson wrote:
>>
>>
>>>Matt Kettler writes:
>>>
>>>>At 09:36 PM 11/29/2005, mouss wrote:
>>>>
>>>>>it would be good to make the file empty, only containing this info. this
>>>>>way, even those who miss this message (and the previous one) still have a
>>>>>chance to get the info.
>>>>
>>>>Yes, but there are still users out there that aren't using SA 3.0.x due to
>>>>perl version problems. For them, I still wish to make the file available.
>>>>
>>>>
>>>
>>>How about a pre-3.0 version (last meaningful version) and post-3.0
>>>(mouss's suggestion)
>>
>>Is that mouss's suggestion? I read his message as suggesting that I 
>>wipe-out the contents of antidrug.cf and replace it with a notice.
>>
> 
> Sorry, Ron needs an editor.
> 
> What I was suggesting was.
> 
> a) pre-3.0 (last meaningful version)
> b) post-3.0 (no contents beyond a notification message -- as mouss
>    suggested)
> 

Ron, I understood you. What I don't understand is if that's what mouss is
suggesting.

As previously said, I read mouss as suggesting I empty antidrug.cf. I did not
read you as suggesting this.

Re: Antidrug.cf deprecated and no longer maintained.

[Ron Johnson <jo...@CCRS.NRCan.gc.ca>]

Matt Kettler writes:
> 
> At 10:33 AM 11/30/2005, Ron Johnson wrote:
> 
> >Matt Kettler writes:
> > >
> > > At 09:36 PM 11/29/2005, mouss wrote:
> > > >it would be good to make the file empty, only containing this info. this
> > > >way, even those who miss this message (and the previous one) still have a
> > > >chance to get the info.
> > >
> > > Yes, but there are still users out there that aren't using SA 3.0.x due to
> > > perl version problems. For them, I still wish to make the file available.
> > >
> > >
> >How about a pre-3.0 version (last meaningful version) and post-3.0
> >(mouss's suggestion)
> 
> Is that mouss's suggestion? I read his message as suggesting that I 
> wipe-out the contents of antidrug.cf and replace it with a notice.
> 
Sorry, Ron needs an editor.

What I was suggesting was.

a) pre-3.0 (last meaningful version)
b) post-3.0 (no contents beyond a notification message -- as mouss
   suggested)

Re: Antidrug.cf deprecated and no longer maintained.

[Matt Kettler <mk...@comcast.net>]

At 10:33 AM 11/30/2005, Ron Johnson wrote:

>Matt Kettler writes:
> >
> > At 09:36 PM 11/29/2005, mouss wrote:
> > >it would be good to make the file empty, only containing this info. this
> > >way, even those who miss this message (and the previous one) still have a
> > >chance to get the info.
> >
> > Yes, but there are still users out there that aren't using SA 3.0.x due to
> > perl version problems. For them, I still wish to make the file available.
> >
> >
>How about a pre-3.0 version (last meaningful version) and post-3.0
>(mouss's suggestion)

Is that mouss's suggestion? I read his message as suggesting that I 
wipe-out the contents of antidrug.cf and replace it with a notice.

Re: Antidrug.cf deprecated and no longer maintained.

[Kris Deugau <kd...@vianet.ca>]

Matt Kettler wrote:
> Yes, but there are still users out there that aren't using SA 3.0.x
> due to perl version problems. For them, I still wish to make the file
> available.

Or because we've seen no pressing reason to upgrade;  2.64 is working
Just Fine Thanks.  (Not to mention a good reason NOT to upgrade -
increased hardware requirements.  For those of us who have long been
running on somewhat limited hardware 3.x is too "heavy".)

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!

Re: Antidrug.cf deprecated and no longer maintained.

[Ron Johnson <jo...@CCRS.NRCan.gc.ca>]

Matt Kettler writes:
> 
> At 09:36 PM 11/29/2005, mouss wrote:
> >it would be good to make the file empty, only containing this info. this 
> >way, even those who miss this message (and the previous one) still have a 
> >chance to get the info.
> 
> Yes, but there are still users out there that aren't using SA 3.0.x due to 
> perl version problems. For them, I still wish to make the file available.
> 
> 
How about a pre-3.0 version (last meaningful version) and post-3.0
(mouss's suggestion)

Re: Antidrug.cf deprecated and no longer maintained.

[Matt Kettler <mk...@comcast.net>]

At 09:36 PM 11/29/2005, mouss wrote:
>it would be good to make the file empty, only containing this info. this 
>way, even those who miss this message (and the previous one) still have a 
>chance to get the info.

Yes, but there are still users out there that aren't using SA 3.0.x due to 
perl version problems. For them, I still wish to make the file available.

Re: Antidrug.cf deprecated and no longer maintained.

[mouss <us...@free.fr>]

Matt Kettler a écrit :
> Since a lot of people are still using antidrug.cf, I'm making a public
> announcement here to clarify.
> 
> Antidrug.cf is deprecated and obsolete for all users of SpamAssassin 3.0.0 or
> higher. These rules are now a part of the standard SA distribution, and any
> improvements will likely happen directly in the SA project and not on the .cf file.
> 
> I may at some point in the future, if I ever have spare time again, make a new
> ruleset, but it will be a separate file (ie: antidrug_post31.cf).
> 
> Unless you're using SA 2.64, remove the ruleset, as it will cover-up any future
> improvements that may be contributed to the SA distribution.
> 
> If you're using a version older than 2.64, you almost certainly have a remotely
> exploitable DoS vulnerability, and need to upgrade.
> 
> 
> 

it would be good to make the file empty, only containing this info. this 
way, even those who miss this message (and the previous one) still have 
a chance to get the info.