--------------------------------------------------------------------------- Debian Volatile Update Announcement VUA 2-2 http://volatile.debian.net debian-volatile@lists.debian.org Marc Haber 2005-07-24 --------------------------------------------------------------------------- Package : clamav-data Clamav-data is a Debian package which contains a set of Clamav Virus Databases. It is meant to be used in situations where http access is not readily available and thus clamav-freshclam cannot be used. Every 30 minutes, a cron job on a volatile.debian.net host uses clamav-freshclam to find out whether clamav upstream has released new databases. If new databases have been found, an automatic process is then triggered which * downloads new databases * packages them into a new clamav-data .deb, using the clamav-getfiles package which is available from Debian. * It then proceeds to install that .deb in multiple chroots: * plain sarge * sarge+volatile * etch * sid and tries to scan clamav-testfiles and eicar.com with the clamav binary from the respective distribution and the databases from the new clamav-data .deb. * Only if all these tests succeed, the packages are automatically moved to the volatile archive. * Since the package description of clamav-data in sarge points people to people.debian.org for automatically built .debs, the newly built packages are - again automatically - rsynced there. * If the package build process or the tests fail, no new packages are moved anywhere (so the last known good state remains), and an Administrator is alerted. The processes described above run automatically without human intervention. This means that the clamav-data packages in debian-volatile are not reviewed by a human before being moved to the archive. Thus, they do not bear a maintainer signature. However, clamav upstream signs the actual databases, so you should be able to verify the databases' authenticity after the clamav-data .deb has been installed on your system. Since installing unsigned packages is always a risk, our recommendation is to use clamav-freshclam locally instead of clamav-data whenever possible. To double-check that the automatic process is operational, a cron job on a different host checks the contents of the volatile Packages.bz2 file and alerts an Administrator if no new clamav-data package has been found for 36 hours. This time span might be adapted to upstream's release cycles. This reminder cron job runs every six hours. Obsolete clamav-data packages are removed from the debian-volatile archive 15 days after they have dropped out of any debian-volatile Packages file. Clamav-data packages are available in sarge/volatile. Upgrade Instructions - -------------------- You can get the packages at http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav-data/ and install them with dpkg, or add deb http://volatile.debian.net/debian-volatile sarge/volatile main deb-src http://volatile.debian.net/debian-volatile sarge/volatile main to your /etc/apt/sources.list. You can also use any of our mirrors. Please see http://volatile.debian.net/mirrors.html for the full list of mirrors. The archive signing key can be downloaded from http://volatile.debian.net/ziyi-2005.asc For further information about debian-volatile, please refer to http://volatile.debian.net/. If there are any issues, please don't hesitate to get in touch with the volatile team. -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Attachment:
signature.asc
Description: Digital signature