ubuntu at kitterman.com
Mon Aug 13 02:53:15 BST 2007
On Mon, 13 Aug 2007 03:33:51 +0200 Stephan Hermann <sh at sourcecode.de> wrote:
>Good Morning Scott,
>Another alternative would be to patch Klamav, that it's not looking for
>new clamav updates but updates to the ubuntu clamav package.
Agreed, although it'd be a more invasive patch that someone would have to
write. That would resolve the particular concern I have.
>> Recently the clamav support picture has improved significantly. Is you
>> look at Feisty, it's had three security updates since release and all
>> security fixes from the later releases are incorporated. Additionally,
>> current version of clamav is available via feisty-backports. Because of
>> the improved volunteer support through the packaging system, I think the
>> need for individuals to upgrade directly from upstream is much less than
>> has generally been.
>There is just a problem with a vital package like clamav...
>Community Supported Software is not secure enough to be installed in a
>Who gives me ( as a customer^Wuser ) the waranty that this tool will be
>updated in time, knowing that no version upgrades
>will come through but backported patches?
Clamav in Universe and equally without official support backported or not.
>And thinking about *-backports. No one I know who runs Ubuntu in a
>serious environment had enabled *-backports.
No, leaving backports generally enabled isn't a great plan, but pulling selected packages that
you know you want isn't unreasonable.
Additionally, because not everyone uses backports, I make sure security and
SRU worthy fixes get done first.
More information about the kubuntu-devel