Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

[Henrik K <he...@hege.li>]

On Thu, Mar 25, 2021 at 04:32:09AM +1300, Sidney Markowitz wrote:
> 
> *** Ongoing development on the 3.4 branch has ceased. All future releases
>     and bug fixes will be on the 4.0 series, unless a new security issue
>     is found that necessitates a 3.4.6 release. ***

I think we should release 3.4.6 because of this bug:

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897

Metas depending on uribl rules do not currently hit.. :-(

Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

[Michael Peddemors <mi...@linuxmagic.com>]

On 2021-04-07 2:37 p.m., Sidney Markowitz wrote:
> Henrik K wrote on 7/04/21 1:31 am:
>>> I think we should release 3.4.6 because of this bug:
>>>
>>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897
>>>
>>> Metas depending on uribl rules do not currently hit.. :-(
>>
>> Though it seems there aren't any metas in stock ruleset that are 
>> affected.
>> I do have on my own rules.  So dunno, what is the timeline for a 4.0
>> release..
>>
> 
> Henrik, are you saying that this isn't enough reason to release 3.4.6 
> after all because it doesn't effect any metas in stock ruleset? I'm ok 
> with doing the release manager work for 3.4.6 if there is consensus that 
> it is necessary. Also, to be clear, is bug 7897 more important to fix 
> than the bug 7822 that would be re-introduced by reverting its patch?
> 
>   Sidney

I think others  (didn't pull a report from our channels mind you) that 
might have Meta's using that rule.. I would 'suggest' that they should 
continue working, even if stock rulesets don't have any Meta's depending 
on that.. reverting what broke that might be in order.


-- 
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

[Sidney Markowitz <si...@sidney.com>]

Bill Cole wrote on 8/04/21 10:09 am:
> I believe we should release a 3.4.6 in the near term (days not months)
> to fix 7897 even if we have to do it with 7822 unfixed. I'd rather both
> were fixed but I don't have the free cycles right now to get a good
> enough understanding of the entanglements to fix it myself.

Ok, I'll start the release process, with me as release manager. We are now 
back to code freeze, RTC mode in the 3.4 branch. If anyone thinks that there 
is a safe fix for bug 7822 to go along with this, speak up. Otherwise we'll 
release 3.4.6 with the only changes being the patch to fix 7897 that reverts 7822.

As per our processes, I can proceed with preparing the release and we vote 
when there is a build to vote on.

Could one of you who does have the deeper understanding of the issues write 
the brief (one line?) descriptions of what is being fixed and what is being 
regressed as it should appear in the release notes for 3.4.6?

Thanks,

  Sidney

Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

[Bill Cole <sa...@billmail.scconsult.com>]

On 7 Apr 2021, at 17:37, Sidney Markowitz wrote:

> Henrik K wrote on 7/04/21 1:31 am:
>>> I think we should release 3.4.6 because of this bug:
>>>
>>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897
>>>
>>> Metas depending on uribl rules do not currently hit.. :-(
>>
>> Though it seems there aren't any metas in stock ruleset that are 
>> affected.
>> I do have on my own rules.  So dunno, what is the timeline for a 4.0
>> release..
>>
>
> Henrik, are you saying that this isn't enough reason to release 3.4.6 
> after all because it doesn't effect any metas in stock ruleset? I'm ok 
> with doing the release manager work for 3.4.6 if there is consensus 
> that it is necessary. Also, to be clear, is bug 7897 more important to 
> fix than the bug 7822 that would be re-introduced by reverting its 
> patch?

I think fixing 7897, which causes the failure of fairly common (albeit 
not default) rules, is MUCH more important than 7822, which is a bug in 
a disabled-by-default plugin that is relatively new. For years I've been 
using and suggesting to others the use of DNSBL synergy rules adding 
significant bonus points when a message hits 2 or more blocklists from a 
collection that may each have occasional FPs.

I believe we should release a 3.4.6 in the near term (days not months) 
to fix 7897 even if we have to do it with 7822 unfixed. I'd rather both 
were fixed but I don't have the free cycles right now to get a good 
enough understanding of the entanglements to fix it myself.

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

[Sidney Markowitz <si...@sidney.com>]

Henrik K wrote on 7/04/21 1:31 am:
>> I think we should release 3.4.6 because of this bug:
>>
>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897
>>
>> Metas depending on uribl rules do not currently hit.. :-(
> 
> Though it seems there aren't any metas in stock ruleset that are affected.
> I do have on my own rules.  So dunno, what is the timeline for a 4.0
> release..
> 

Henrik, are you saying that this isn't enough reason to release 3.4.6 after 
all because it doesn't effect any metas in stock ruleset? I'm ok with doing 
the release manager work for 3.4.6 if there is consensus that it is necessary. 
Also, to be clear, is bug 7897 more important to fix than the bug 7822 that 
would be re-introduced by reverting its patch?

  Sidney

Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

[John Hardin <jh...@impsec.org>]

On Tue, 6 Apr 2021, Henrik K wrote:

> On Tue, Apr 06, 2021 at 04:20:01PM +0300, Henrik K wrote:
>> On Thu, Mar 25, 2021 at 04:32:09AM +1300, Sidney Markowitz wrote:
>>>
>>> *** Ongoing development on the 3.4 branch has ceased. All future releases
>>>     and bug fixes will be on the 4.0 series, unless a new security issue
>>>     is found that necessitates a 3.4.6 release. ***
>>
>> I think we should release 3.4.6 because of this bug:
>>
>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897
>>
>> Metas depending on uribl rules do not currently hit.. :-(
>
> Though it seems there aren't any metas in stock ruleset that are affected.
> I do have on my own rules.  So dunno, what is the timeline for a 4.0
> release..

"Not Soon Enough".


-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org                         pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Are you a mildly tech-literate politico horrified by the level of
   ignorance demonstrated by lawmakers gearing up to regulate online
   technology they don't even begin to grasp? Cool. Now you have a
   tiny glimpse into a day in the life of a gun owner.   -- Sean Davis
-----------------------------------------------------------------------
  7 days until Thomas Jefferson's 278th Birthday

Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

[Henrik K <he...@hege.li>]

On Tue, Apr 06, 2021 at 04:20:01PM +0300, Henrik K wrote:
> On Thu, Mar 25, 2021 at 04:32:09AM +1300, Sidney Markowitz wrote:
> > 
> > *** Ongoing development on the 3.4 branch has ceased. All future releases
> >     and bug fixes will be on the 4.0 series, unless a new security issue
> >     is found that necessitates a 3.4.6 release. ***
> 
> I think we should release 3.4.6 because of this bug:
> 
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7897
> 
> Metas depending on uribl rules do not currently hit.. :-(

Though it seems there aren't any metas in stock ruleset that are affected. 
I do have on my own rules.  So dunno, what is the timeline for a 4.0
release..