[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can a new ClamAV be considered for sarge?

In gmane.linux.debian.devel.release, you wrote:
>> So I guess it should either be removed or prominently pointed out that
>> you should update it as soon as possible. (e.g. in the release notes)
>
> Don't worry - clam will tell you itself that it needs an upgrade.  It
> prints a big warning about it in fact, see #292483 :)

Ok, I missed that part.

> All this aside, I feel this is just adding noise to a list dedicated to
> getting a release out.  

Ok, then some release relevant information: If clamav stays in Sarge and
0.85.1 is not accepted in, the problem with multiple content disposition
lines should be backported through t-p-u, it seems to offer a DoS possibility,
so that crafted viruses with multiple lines could bypass scanning, is that
correct?

> If you feel really strongly that clam shouldn't
> be released with stable, file a bug or speak with one of the RM's about
> it, and let them pull it.  As I said, I am amenable to clam not
> releasing with stable, but not without some consensus that this is the
> right approach for this kind of software.

Fine with me, after all it's the maintainers decision.
(Personally I'm not using virus scanning at all, as I consider it snake
oil anyway; I just noticed it browsing through debian-release)

Cheers,
        Moritz
Reply to: