Re: Can a new ClamAV be considered for sarge?
In gmane.linux.debian.devel.release, you wrote:
>> So I guess it should either be removed or prominently pointed out that
>> you should update it as soon as possible. (e.g. in the release notes)
>
> Don't worry - clam will tell you itself that it needs an upgrade. It
> prints a big warning about it in fact, see #292483 :)
Ok, I missed that part.
> All this aside, I feel this is just adding noise to a list dedicated to
> getting a release out.
Ok, then some release relevant information: If clamav stays in Sarge and
0.85.1 is not accepted in, the problem with multiple content disposition
lines should be backported through t-p-u, it seems to offer a DoS possibility,
so that crafted viruses with multiple lines could bypass scanning, is that
correct?
> If you feel really strongly that clam shouldn't
> be released with stable, file a bug or speak with one of the RM's about
> it, and let them pull it. As I said, I am amenable to clam not
> releasing with stable, but not without some consensus that this is the
> right approach for this kind of software.
Fine with me, after all it's the maintainers decision.
(Personally I'm not using virus scanning at all, as I consider it snake
oil anyway; I just noticed it browsing through debian-release)
Cheers,
Moritz
Reply to: