[Pkg-clamav-devel] The future of clamav wrt. stable/volatile
Martin Schulze
joey at infodrom.org
Sun Jan 25 15:10:57 UTC 2009
Michael Tautschnig wrote:
> In the clamav packaging team we had recurring discussion about how to deal with
> clamav in the near (== lenny) and more distant (>= squeeze) future. The current
> situation is as follows:
>
> - We've got severly outdated clamav packages in etch(-security).
> - A few packages depend on clamav; those depends are not necessarily versioned.
> - Any sensible use of clamav requires the packages from volatile to be able to
> handle all features of upstream's current signature database.
> - We've had 16 security updates since the release of etch, which constantly
> required backporting of upstream's fixes that were included in the volatile
> releases.
>
> We could of course continue this game of telling users that nothing but the
> clamav from volatile is what one should use on production systems, but maybe
> there are other options as well. Let me see what options we have:
>
> - Stick with the current scheme. Possible, but neither user- nor
> maintainer-friendly.
> - Move clamav to volatile only. This would, however, also require that all
> depending packages go to volatile, even the depends are unversioned.
Does the clamav interface change between versions?
If not, would it be possible that a sufficiently stable version will
be included in stable and updates (including new versions) be handled
via volatile - including a large note in the clamav package to include
volatile.
Regards,
Joey
--
Open source is important from a technical angle. -- Linus Torvalds
Please always Cc to me when replying to me on the lists.
More information about the Pkg-clamav-devel
mailing list