Klamav Updates

[Scott Kitterman]

On Mon, 13 Aug 2007 03:33:51 +0200 Stephan Hermann <sh at sourcecode.de> wrote:
>Good Morning Scott,
>
>Another alternative would be to patch Klamav, that it's not looking for 
>new clamav updates but updates to the ubuntu clamav package.

Agreed, although it'd be a more invasive patch that someone would have to 
write.  That would resolve the particular concern I have.

>> Recently the clamav support picture has improved significantly.  Is you 
>> look at Feisty, it's had three security updates since release and all 
>> security fixes from the later releases are incorporated.  Additionally, 
the 
>> current version of clamav is available via feisty-backports.  Because of 
>> the improved volunteer support through the packaging system, I think the 
>> need for individuals to upgrade directly from upstream is much less than 
it 
>> has generally been.
>>   
>There is just a problem with a vital package like clamav...
>Community Supported Software is not secure enough to be installed in a 
>production environment.
>Who gives me ( as a customer^Wuser ) the waranty that this tool will be 
>updated in time, knowing that no version upgrades
>will come through but backported patches?

Clamav  in Universe and equally without official support backported or not.
>
>And thinking about *-backports. No one I know who runs Ubuntu in a 
>serious environment had enabled *-backports.
>
No, leaving backports generally enabled isn't a great plan, but pulling selected packages that 
you know you want isn't unreasonable.  

Additionally, because not everyone uses backports, I make sure security and 
SRU worthy fixes get done first.

Scott K