Klamav Updates
Stephan Hermann
sh at sourcecode.de
Mon Aug 13 02:33:51 BST 2007
Good Morning Scott,
Scott Kitterman schrieb:
> These are all good points and were mostly ones I argued during the meeting.
> The fundamental concern I have is I know (now) that the packaged clamav
> will interact with the local version without particularly complaining about
> it. This is sufficiently risky in my book to trump the other arguements.
> There are other issues too, like the clamav updates downloaded by klamav
> won't have any of the Debian/Ubuntu patches installed.
>
Another alternative would be to patch Klamav, that it's not looking for
new clamav updates but updates to the ubuntu clamav package.
> Recently the clamav support picture has improved significantly. Is you
> look at Feisty, it's had three security updates since release and all
> security fixes from the later releases are incorporated. Additionally, the
> current version of clamav is available via feisty-backports. Because of
> the improved volunteer support through the packaging system, I think the
> need for individuals to upgrade directly from upstream is much less than it
> has generally been.
>
There is just a problem with a vital package like clamav...
Community Supported Software is not secure enough to be installed in a
production environment.
Who gives me ( as a customer^Wuser ) the waranty that this tool will be
updated in time, knowing that no version upgrades
will come through but backported patches?
And thinking about *-backports. No one I know who runs Ubuntu in a
serious environment had enabled *-backports.
Regards,
\sh
More information about the kubuntu-devel
mailing list