Bug 78497 (pine)
Summary: | Please upgrade to version 4.5x | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Petri T. Koistinen <thoron> |
Component: | pine | Assignee: | Mike A. Harris <mharris> |
Status: | CLOSED WONTFIX | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | chris.ricker, menscher, p.van.egdom, ralston, wtogami |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2002-12-27 03:57:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petri T. Koistinen
2002-11-24 16:36:50 UTC
I've had the new version of pine for about 2 weeks now privately, and it is not yet stable and reliable enough for inclusion in Red Hat Linux rawhide, nor for enhancement erratum release in prior releases of Red Hat Linux. I monitor pine mailing lists closely, and also monitor the development of it (as close as one can). I'll be testing each new version as it becomes available, ane when the new pine 4.5x series seems fairly stable and reliable, then I will put it into rawhide likely for beta testing purposes. In the mean time, I may make unofficial test packages available on ftp://people.redhat.com sometime, but no promises. If, and when I do that, I will update this enhancement request to notify you and anyone on the CC. Thanks. BTW, does this affect on Red Hat too: http://www.suse.com/de/security/2002_046_pine.html Yes, and erratum is being tested for that issue. Pine 4.50 is not an acceptable solution for fixing a single small security issue. If people hound me about pine 4.50, I will not release it at all. Sorry, that was not my purpose. Ah, sorry.. I've had several people email me demanding that I release 4.50 to fix the security issue, and thought you were suggesting similar. Pine 4.44 erratum is in the pipe being tested which is patched to fix this problem. This package is not in rawhide, and as above, I'm not planning on putting it in rawhide just yet. I put it up as an unofficial unsupported package for people who really want to use it/test it, whatever. Please report all bugs in this release of pine directly to the UW pine team by following the information on their website, etc: Pine Information Center: http://www.washington.edu/pine Newsgroup: comp.mail.pine User mailing list and Bug reports: http://www.washington.edu/pine/pine-info/ The RPMs are downloadable from: ftp://people.redhat.com/mharris/testing/extremely-unstable-development-code/pine-4.50-1 Enjoy. Thank you! I am dumb enough to test it despite of those serious warnings. ;-) BTW, these seems to be problem with that URL. I guess ftp://people.redhat.com/mharris/testing/extremely-unstable-development-code/pine/4.50-1/i386/pine-4.50-1.i386.rpm is what most people are looking for. I'm closing this for now because I don't feel the need to really track it in bugzilla. I've put up pine 4.5x packages above and will update them as time permits. There is no plan to include it in the next release of Red Hat Linux, and I won't put it into the distribution until I feel that it is truely stable and reliable. I use pine personally exclusively, and quite heavily. I'm now using 4.51 on one of my mail accounts, and am not impressed so far. It will likely land in the distro at some point, but no time soon. Closing this for now as there's no need to track it. *** Bug 81621 has been marked as a duplicate of this bug. *** Update: Several people are requesting that pine 4.5x (currently 4.52) be added to the current development of Red Hat Linux. I am well aware of new pine releases being available, and I am on a private mailing list for pine development. Bugs are being reported on that list in sufficient quantity, that I am simply not willing to update the current rather stable pine 4.44 version of pine that is in rawhide right now, to the current official release of pine 4.52, because doing so would lower the overall quality of pine in Red Hat Linux, and would increase the number of bugs getting reported. I have also looked at the pine 4.50 through 4.52 release notes, and I've compared the new features added with the risks involved of updating the package. My decision is a firm decision to ship pine 4.44 in our next OS release, and I am unable to be convinced otherwise. I understand completely, how users want the latest and greatest of everything, and I myself want the latest and greatest of everything also. Sometimes however, compromises must be made, and things are more important than the highest version number available. Stability trumps features, and pine 4.5x is anything but stable right now. Being an avid pine user myself, when a new version comes out that I believe to be fairly stable personally, I will possibly release a pine enhancement erratum for whatever our current OS release happens to be. There is no guarantee of this however. I'm making this bug report the master dupe for future requests that are bound to come in also. Updating summary to reflect current version of pine. Updating summary to reflect current version of pine again 2 times in 1 day. pine 4.53 is now out Heh, with this frequency of releases, perhaps it will stabilize in 4 or 5 months time. ;o) A response of "pine 4.5x isn't stable enough yet" is perfectly reasonable, IMO. Mike, one question: how often do you apply security fixes to your "extremely unstable development code" RPMs? I don't mind running development code (see bug #64218). But the main reason I don't like to do so is that there's no easy way to tell when a security vulnerability has been fixed. If there's some way I can tell when you apply security fixes to your "extremely unstable development code" RPMs (e.g., you will always put a note in the %changelog whenever you smack in a security fix), then I'll cut over to running those, instead of the hybrid pine RPMs I've built myself... Oops; in my previous comment, I meant to refer to bug #64128, not bug #64218. Duh. Generally speaking for official distro package updates, whenever a security issue is fixed in one of my packages, I indicate that it is a security fix in the RPM spec file changelog except for one condition: If a security fix is not public, or can not be disclosed publically when the fix is added to the package. Many vulnerabilities are communicated non publically to Red Hat and other vendors under conditions which do not permit public disclosure before a certain date. In those cases, sometimes changelog comments do not contain such information. For unstable packages, things get fixed whenever. Rawhide packages, and any packages I put up for testing, are not official Red Hat packages and are not officially supported with security fixes and whatnot. So if they contain security problems, there is no guideline of when (or if) they will be fixed. Do not rely on rawhide or non-official Red Hat packages to contain security updates. That said, the pine in rawhide right now fixes all known security holes in pine at the time of this writing. BTW, Red Hat Linux 9 release notes says that pine is deprecated and may be removed from a future release of Red Hat Linux because of "License-related issues". What are these issues and is there any possibility that these issues are solved? That is correct, pine is present in Red Hat Linux 9 (pine 4.44), and we
have deprecated it with the likelyhood that it will be removed from a
future release. Users who wish to continue using pine once that occurs,
can either install pine packages from an older release of Red Hat Linux,
or can download pine from somewhere on the Internet and use that.
Alternatively, users also have the option of migrating to a different
mail client. There are numerous mail clients in the distribution so I
wont make any suggestions as people are free to explore the various
alternatives on their own, and choose one that best meets their needs
if they do not want to download pine separately.
>What are these issues and is there any possibility that these issues
>are solved?
While the RELEASE-NOTES do state "License related issues", that is only
one particular aspect of the issues with pine. The various issues that
exist with pine are not solved, and due to the nature of them, they are
not likely to be solved any time soon either.
I will not list these issues here, nor will I engage in discussion about
pine in bugzilla, as this is not an appropriate place to stimulate
discussion of such topic.
The bottom line is that pine will be removed from a future release of
Red Hat Linux, and users should either plan on migrating to other
software which is included with the distribution still at that point
in time, or they should plan ahead on downloading pine separately
themselves.
Update: pine has now been officially removed from Red Hat Linux in rawhide currently and will not be included in future products. It is also fairly unlikely that we will issue any official pine updates beyond 4.44 in currently supported Red Hat OS products. Just providing this information here for completeness. |