[Pkg-clamav-devel] [SRM] clamav 0.94.x EOL
Scott Kitterman
debian at kitterman.com
Thu Oct 8 12:31:49 UTC 2009
On Thu, 8 Oct 2009 12:25:51 +0200 Tomasz Papszun <tomek at lodz.tpsa.pl> wrote:
>On Wed, 07 Oct 2009 at 14:47:21 +0800, Paul Wise wrote:
>> Just in case the stable release managers what to do something about it
>> and don't know about this yet, clamav upstream are taking some
>> interesting measures to "encourage" people to upgrade from the now
>> EOLed 0.94.x series. The mail isn't fully clear, but it seems that
>> clamav 0.94.x will not work at all from April 15th 2010 and will not
>> recieve signature updates from May 2010, so I guess removal from
>> stable/oldstable is in order as well as an announcement of some sort
>> (DSA perhaps?).
>>
>> http://lurker.clamav.net/message/20091006.143601.d27bbd20.en.html
>>
>
>Sorry, it may seem a little harsh, but the reason is that unless the
>majority of ClamAV users upgrade to >= 0.95.x, old freshclams will put
>an excessive load on ClamAV database mirrors and that will harm *all*
>of ClamAV users, not only the ones running old versions.
>
Personally, I appreciate having significant advance notice so we can do
something to prepare.
I do not think removal is the approach that would be best for users. It
would leave them with an orhpaned, non-working package and they will have
to upgrade systems to a newer release, install from external sources (e.g.
volatile), or compile from dource directly.
Updating clamav and needed rdepends to something that upstream supports
would be more benificial for users. With a half a year of notice, I think
this is managable.
This is the approach Ubuntu will be taking (they already have a full set of
updates in their backport repository that is tested and almost ready).
Scott K
More information about the Pkg-clamav-devel
mailing list