On Tue, Sep 14, 2004 at 08:25:41PM -0700, Thomas Bushnell BSG wrote: > > If we are going to package them at all, we should do our best to keep > them up to date. > > Otherwise, we should not be packaging virus descriptions at all. > It may be reasonable in many cases to not package virus definitions, IDS definitions, spam filter rules, or the like. In most cases, these are updated regularly upstream and we'd end up needing to release new packages far too regularly. Many of these packages already include tools for downloading and installing new databases. The real problem is that it's not uncommon for these packages to change database formats during the course of their development. That happened with both snort and ClamAV, and possibly others, since woody was released. New rules are being released regularly in the new database formats, but not in the old formats. Thus, the packages in stable are useless. [1] We either need to be able to update from e.g. snort 0.8 to snort 0.9 with a stable point release, or we need to completely exclude packages like snort from stable releases. I believe the latter option is a disservice to our users, as is the status quo. noah [1] I've heard it argued that there are people out there who may *want* to protect their Windows systems only from the set of viruses or their networks from the set of exploits that were known at the time of woody's release... That argument is absurd, and I don't think it's worth considering.
Attachment:
pgpCgcRIZtyG4.pgp
Description: PGP signature