[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating scanners and filters in Debian stable (3.1)

This one time, at band camp, Andreas Barth said:
> * Stephen Gran (sgran@debian.org) [041004 17:10]:
> > So, now that this thread has been going on for a little while, I wanted
> > to see what the consensus among RM's is:  are we going to allow updates
> > for these programs in sarge or do we have to resort to out of band
> > updates, like volatile.debian.net (or p.d.o or whatever)?
> > 
> > I would like to know so I can decide whether to file a bug for removal
> > of clamav from sarge.
> Frankly speaking, the question whether to include clamav or not in sarge
> is IMHO not a question whether volatile exists or not. Either clamav is
> stable enough to be part of a stable release or not.

ClamAV has it's problems, like all software, but it's usable for most
people under most circumstances.  If the decision about whether it should
go into sarge was based solely on the stability of the software itself,
I think there is no real question it should release.

The problem is that new viruses appearing in the wild force updates to
the scanning engine as well as the virus databases.  The databases are no
problem - clam provides the freshclam utility to download new databases
with the new signatures.  The scanning engine is the sticking point - in
the current setup, I cannot change it save for security flaws.  The fact
that it lets some huge virus slip through undetected is apparently not a
security flaw, as it allows no compromise of the machine clam is running
on, even if the rest of the network goes down.

It is not a question of if a frozen version of clamav will become
useless, but a question of how quickly.  My guess is that some time
between freeze and release, clam will become useless without updates.
If that is going to be the case, I see no point in releasing it.
|   ,''`.					     Stephen Gran |
|  : :' :					 sgran@debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |

Attachment: pgp62DXt6zAxl.pgp
Description: PGP signature

Reply to: