[Pkg-clamav-devel] [Clamav-binary] New ClamAV Package (fwd)

Heiko Richter lists-clamav at heikorichter.name
Tue Jan 23 23:40:59 UTC 2018


Hi,

when releasing 0.100.x please be aware that several mirror operators are blocking old outdated versions form their servers by regex's that might not accept a 0.100.x release.

You should expect some mirrors to use blacklists formed like this to minimize the number oft regex checks per request:

^clamav/0.0
^clamav/0.1
^clamav/0.2
^clamav/0.3
^clamav/0.4
^clamav/0.5
^clamav/0.6
^clamav/0.7
^clamav/0.8
^clamav/0.90
^clamav/0.91
....

Going to 0.100.x will break those blacklists and - depending on how many (faulty) blacklists are out there - it could drasticly increase the traffic for those mirrors that are configured to accept Version 0.100.x.

I know many open source projects like to stay below 1.0 but being a mirror operator myself I expect my traffic to spike as soon as 0.100.x is released.

It might be prudent to discuss a 1.0.0 version. Alternatively somebody could check every mirror with a "clamav/0.100.0" useragent and contact all the operators whose servers answer with 403 directly - not everybody will read the list.

Heiko




Am 23. Januar 2018 19:25:53 MEZ schrieb "Joel Esler (jesler)" <jesler at cisco.com>:
>Something we have "considered".
>
>I can't type today.
>
>--
>Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
>
>
>
>
>
>
>On Jan 23, 2018, at 1:23 PM, Joel Esler (jesler)
><jesler at cisco.com<mailto:jesler at cisco.com>> wrote:
>
>
>
>On Jan 23, 2018, at 10:05 AM, Reinhard Max
><max at suse.com<mailto:max at suse.com>> wrote:
>
>
>On Mon, 22 Jan 2018 at 23:49, Micah Snyder (micasnyd) wrote:
>
>0.99.3 suffered of scope creep and included more than just security
>patches and urgent bugfixes.  As such, I would like to re-target these
>features for an upcoming “0.100.0” version. We are presently
>investigating to validate that the “100” number will not break other
>things that we’re aware of.  If all is okay, we would immediately
>re-release 0.99.3-beta2 as 0.100.0-beta and continue to address the few
>remaining issues blocking us from the 0.100.0 release candidate and
>release.
>
>Given how long ClamAV already exists and still has a zero in front of
>its version number, I wonder if it woudn't make more sense to just call
>this new release 1.0.0 instead of investigating whether three digits in
>the 2nd component would break anything.
>
>cu
>Reinhard
>
>
>That is also something we have considering.  We want 1.0 to include a
>big functional update or change to warrant that number.  When you move
>between major versions like that, there are entities which then have to
>go "recertify" the software.  So we don't want to make a big change
>like that without something major to add.
>
>--
>Joel Esler
>Manager
>Open Source, Design, Web, and Education
>Talos Group
>https://u6680657.ct.sendgrid.net/wf/click?upn=gBws3HYKtNN9m2docLyuT3zsuce8yagj59KLPbnJQSrRYKOGMCsF-2BhO936LVM9Ol_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF8OKEUBEs88Pj2LTLQC3B3G40tGUCg6Bj3KYbXgNDOUhG5oIegvdc-2BmPo76gIy6JutUQ-2B6HlzxbMwJ-2F2FCNqURcH1BxSG-2F1Eo33WzHtnvG7G82eebex3ZqKfpp5bInOyeUu3AJpg1uBocCZ7g0RdMs9lesVg9l3FBvP-2BjS3GP-2FRMRda3BBg3p45GCnNciTGV8E-3D<https://u6680657.ct.sendgrid.net/wf/click?upn=gBws3HYKtNN9m2docLyuT3zsuce8yagj59KLPbnJQSqo2MU7eXImzB4TSKRNH6K3_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF8OKEUBEs88Pj2LTLQC3B3G40tGUCg6Bj3KYbXgNDOUhO6Pyk7T4mjRZAfHPiglqKFCf4hU-2BQG6gO7kz5XKp3v8VsCwvQL5POk0slYW7-2BoT1NSuUtookwSJi2heiy2vuhU9XBcT9k7XTTG2b7WPTaY0jixb-2BZuw6T2W4lonqBv9GJ9vo7JiZ1iw0ZHArcAA-2Bpo-3D>
>_______________________________________________
>https://u6680657.ct.sendgrid.net/wf/click?upn=fDDvNRuqgdsp67o4QpZdLIA5Na1S9TxHGomIUEPK0nTXYn56Ws2FlPc0eSbeWaLRw3YOUvaSA3LEPOMpiCnZeiM3efI3P06lhbUaBVOKypE-3D_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF8OKEUBEs88Pj2LTLQC3B3G40tGUCg6Bj3KYbXgNDOUhEne8VkZpOdyZiQ-2BKaIrHjVmR6hdCQ99Eqx9AdquJPbBEzhlQhc-2F7hsahhSwz9yptjur5VeQ4zZg-2Fyt3kcBpl3x1iXe1rTuYbH-2BeQLe567nfhWARdajot9ePxRbDmo7ipYZmKkLiSOwy5VB-2BaWFnOCU-3D
>https://u6680657.ct.sendgrid.net/wf/click?upn=gBws3HYKtNN9m2docLyuT6vQ7z-2FvID3ITaQZfkKsPDqbgiPdizrsfZ2l6T-2FLVgs8_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF8OKEUBEs88Pj2LTLQC3B3G40tGUCg6Bj3KYbXgNDOUhHGt6QEDZl4qAu4Ch8q-2FsuRcLqqHzcaULS3W4zDhZZl4iV-2B-2Fv3QZl9Q8Su04gr-2BnW9QBBnA10a9d4FxzX3mAc4I74NYwebJXenlvEW3OZaZYoKdNmdGZ1RIcKJBhGTUM88912IuX7xdvt6yZp2q5Md8-3D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20180123/5c42646a/attachment.html>
-------------- next part --------------
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-binary
http://www.clamav.net/contact.html#ml


More information about the Pkg-clamav-devel mailing list