[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [volatile] Updated clamav-related packages available for testing

On Thu, 2010-04-15 at 20:58 +0200, Kurt Roeckx wrote:
> On Wed, Apr 14, 2010 at 10:35:41PM +0100, Adam D. Barratt wrote:
> > 
> > The clamav project have announced that they will be publishing a
> > specially formed virus signature which disables older versions of the
> > software, including the version in lenny.  If you have not yet migrated
> > to using the volatile packages, now would be a good time to do so. :-)
> What does this mean exactly?  Will it now tell that everything is
> not a virus, even for things that it used to be able to detect?

That doesn't seem particularly easy to determine from the announcements
provided by upstream, unless I'm looking in the wrong places; the
wording I used was very much based on their EOL announcement.

I've CCed the package maintainers in the hope that they might have more
of an insight.

> What about providing a working version in stable-security and/or
> proposed-updates before that happens?

The security team have already indicated that they're unwilling to
support the stable versions of clamav and directed users towards
volatile instead - see

Many people are unwilling to use packages from p-u that haven't been
officially released as part of a point release so that doesn't
necessarily help the situation much; it would also break all of the
reverse-dependencies in stable.  Looking at including the volatile
versions of the r-deps as well would be a possibility, but to my
knowledge we don't yet have any reports of success, or otherwise, using
those packages.



Reply to: