List: clamav-devel
Subject: Re: [Clamav-devel] The upcoming 15 April kill-switch (and a
From: "Kamens, Jonathan" <jkamens () Advent ! COM>
Date: 2010-04-19 14:47:07
Message-ID: 40FF3EB574329C459B49338F779CE44E01854F743F () bosmail2k7 ! advent ! com
> On some rpm linux, eg RH5 for example, there is yum. You can provide them a private
> yum server and this will be done.
> On FreeBSD, there is packages, same add a correct line into /etc/make.conf and
> portupgrade -pP will fix this for you.

How about you do us all a favor and cut out the patronizing?
Everyone involved in this discussion knows how automated package upgrades work. This
is not the point...
> 6 months for a security software is big. Do you forget to upgrade your IOS or
> Firewall software ?

The IOS and Firewall vendors provide safe, minimal upgrade paths to address security
concerns. They support software releases for years. See, for example, the Symantec
policy I referenced earlier in this discussion, which indicates that Symantec
supports any software it releases for SEVEN YEARS after the next major version is
released.

The ClamAV team cannot justify putting themselves in the same boat as "your IOS or
Firewall software" unless they're willing to make the same kind of support
commitment. But they don't. They put out new releases at least once per year and
usually more than that, each new release contains substantial new functionality (and
usually substantial new bugs to go along with it), and they don't issue security
patches for old releases once new ones come out.
> Clamav is security software,

Yes, it is, which is why it's all the more important for its authors and maintainers
to provide reasonable upgrade paths to address security concerns for people and
organizations who are not prepared to take the latest and greatest stuff within
months after it is released.
Make no mistake, I think ClamAV is a nice package, I'm glad it exists, I'm grateful
to the people who have put time and effort into creating, maintaining and enhancing
it, and my company will continue to use it as part of our product's open-source
platform. However, all of these things being true does not change the fact that I
agree with David Skoll that the ClamAV maintainers sometimes show little regard for
the real-world consumers of the package.

The plain, simple fact is that there are other ways this could and should have been
handled.
Jik
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net