[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Any plans to include chkrootkit?

Kyle Wheeler schrieb:
> On Sunday, July 10 at 10:14 AM, quoth Robert S:
>> Are there any plans to put chkrootkit onto volatile?  I think that
>> this would satisfy the criteria for inclusion.
> What seems increasingly obvious that most people don't seem to get is
> that "volatile" does not go scavenge for software it would like to
> include. "volatile" is a place where software maintainers (that have
> been approved) may place software designed to run on pure-stable.

Please correct me if I am wrong but <http://volatile.debian.net>
confusingly states the opposite.


"The main issue of volatile is to allow system administrators to update
their systems in a nice, consistent way without getting the drawbacks of
using unstable, even without getting the drawback for the selected


"volatile is not just another place for backports, but should only
contain changes to stable programs that are necessary to keep them

Here is what happened when I asked on debian-user-german for help with
the clamav packages from sarge. I asked for a solution of

LibClamAV Warning: ***  This version of the ClamAV engine is outdated.

People there suggested to use the clamav packages from volatile. I
installed these packages and relied on "...without getting the drawbacks
of using unstable...". I have apt-listbugs installed and rely on it to
display bugs for packages I install. It did not show up any bugs for the
clamav packages from volatile although there already was a security
update to the clamav packages from sarge which still is not applied to
the volatile clamav packages, as I was told. The clamav packages from
volatile seem to be "just" backports of the clamav packages from
unstable without the same security fixes applied as to the sarge
packages, although the website suggests the opposite!

> If the chkrootkit developer feels like making sure his package will
> install cleanly on sarge/stable, then he can ask to have it included in
> volatile. This is what clamav does, for example.

It installs cleanly on sarge and introduces a security problem already
fixed in sarge by the security team. You get an updated engine which
detects more viruses than the sarge version does however.


Reply to: