[prev in list] [next in list] [prev in thread] [next in thread]
List: ubuntu-motu
Subject: Input for MOTU Meeting on Clamav
From: ubuntu () kitterman ! com (Scott Kitterman)
Date: 2007-04-26 18:12:58
Message-ID: 200704261412.58951.ubuntu () kitterman ! com
[Download RAW message or body]
This agenda item should probably wait for a meeting that keescook can make it
to (he's offline the rest of this week for travel). I am unable to make
today's meeting either. Here is what I was thinking in case you go ahead and
discuss it:
Dapper and Edgy have clamav 0.8x. Upstream has moved on to 0.9x and there are
API changes that make a 0.9x backport outside the scope of what backport
policy would permit. OTOH, clamav is a security sensitive application and
particularly for Dapper (because it's LTS) just leaving them stuck at 0.88
seems problematic.
There is a new 0.88-4 package out from Debian for Sarge that we should
probably look at for updating Dapper/Edgy, but in the end I think that the
0.88 series is not likely to be mainatinable for another 4 years.
My suggestion is that we backport clamav 0.90.2 as a new backport package
something like clamav-09 so that people who want to upgrade Dapper/Edgy can
do so if they are willing to work through whatever breakage this causes
elsewhere (I think clamav-daemon will work fine, but am not certain).
I've built 0.90.2 on Edgy and Dapper. Dapper took some minor dependency
adjustment, but produced a functional package. I'd be willing to put the
initial backports packages on REVU, but am not qualified to keep them patched
for new security issues.
Scott K
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic