[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The future of clamav wrt. stable/volatile

Michael Tautschnig wrote:
> In the clamav packaging team we had recurring discussion about how to deal with
> clamav in the near (== lenny) and more distant (>= squeeze) future. The current
> situation is as follows:
> - We've got severly outdated clamav packages in etch(-security).
> - A few packages depend on clamav; those depends are not necessarily versioned.
> - Any sensible use of clamav requires the packages from volatile to be able to
>   handle all features of upstream's current signature database.
> - We've had 16 security updates since the release of etch, which constantly
>   required backporting of upstream's fixes that were included in the volatile
>   releases.
> We could of course continue this game of telling users that nothing but the
> clamav from volatile is what one should use on production systems, but maybe
> there are other options as well. Let me see what options we have:
> - Stick with the current scheme. Possible, but neither user- nor
>   maintainer-friendly.
> - Move clamav to volatile only. This would, however, also require that all
>   depending packages go to volatile, even the depends are unversioned.

Does the clamav interface change between versions?

If not, would it be possible that a sufficiently stable version will
be included in stable and updates (including new versions) be handled
via volatile - including a large note in the clamav package to include



Open source is important from a technical angle.             -- Linus Torvalds

Please always Cc to me when replying to me on the lists.

Reply to: