[Pkg-clamav-devel] [Clamav-binary] New ClamAV Package

Wed Jan 24 01:23:12 UTC 2018

Hello,

Yeah, we understand that people might not read the email, blog posts etc.  I will discuss more with the Clam-AV dev team tomorrow to make sure these scenarios are well thought out (I am sure they have, but a double check never hurt).
Since the mirrors have been a primary focus of myself, IF any mirrors are having issues with the switch- I will look into that mirror.

In the future, we want a 1.0.0 version to be, what do the kids call it these days? “The bee’s knees” of software releases for ClamAV. That isn’t to say, that it isn’t a possibility to move to that version instead. I will see what the ClamAV Dev team says first.

Thank you,

Tom McCourt
From: clamav-binary <clamav-binary-bounces at lists.clamav.net<mailto:clamav-binary-bounces at lists.clamav.net>> on behalf of Heiko Richter <lists-clamav at heikorichter.name<mailto:lists-clamav at heikorichter.name>>
Reply-To: ClamAV Binary package maintainers <clamav-binary at lists.clamav.net<mailto:clamav-binary at lists.clamav.net>>
Date: Tuesday, January 23, 2018 at 6:40 PM
To: ClamAV Binary package maintainers <clamav-binary at lists.clamav.net<mailto:clamav-binary at lists.clamav.net>>
Subject: Re: [Clamav-binary] New ClamAV Package (fwd)

Hi,

when releasing 0.100.x please be aware that several mirror operators are blocking old outdated versions form their servers by regex's that might not accept a 0.100.x release.

You should expect some mirrors to use blacklists formed like this to minimize the number oft regex checks per request:

^clamav/0.0
^clamav/0.1
^clamav/0.2
^clamav/0.3
^clamav/0.4
^clamav/0.5
^clamav/0.6
^clamav/0.7
^clamav/0.8
^clamav/0.90
^clamav/0.91
....

Going to 0.100.x will break those blacklists and - depending on how many (faulty) blacklists are out there - it could drasticly increase the traffic for those mirrors that are configured to accept Version 0.100.x.

I know many open source projects like to stay below 1.0 but being a mirror operator myself I expect my traffic to spike as soon as 0.100.x is released.

It might be prudent to discuss a 1.0.0 version. Alternatively somebody could check every mirror with a "clamav/0.100.0" useragent and contact all the operators whose servers answer with 403 directly - not everybody will read the list.

Heiko

Am 23. Januar 2018 19:25:53 MEZ schrieb "Joel Esler (jesler)" <jesler at cisco.com<mailto:jesler at cisco.com>>:
Something we have "considered".

I can't type today.

--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>

On Jan 23, 2018, at 1:23 PM, Joel Esler (jesler) <jesler at cisco.com<mailto:jesler at cisco.com>> wrote:

On Jan 23, 2018, at 10:05 AM, Reinhard Max <max at suse.com<mailto:max at suse.com>> wrote:

On Mon, 22 Jan 2018 at 23:49, Micah Snyder (micasnyd) wrote:

0.99.3 suffered of scope creep and included more than just security patches and urgent bugfixes.  As such, I would like to re-target these features for an upcoming “0.100.0” version. We are presently investigating to validate that the “100” number will not break other things that we’re aware of.  If all is okay, we would immediately re-release 0.99.3-beta2 as 0.100.0-beta and continue to address the few remaining issues blocking us from the 0.100.0 release candidate and release.

Given how long ClamAV already exists and still has a zero in front of its version number, I wonder if it woudn't make more sense to just call this new release 1.0.0 instead of investigating whether three digits in the 2nd component would break anything.

cu
Reinhard

That is also something we have considering.  We want 1.0 to include a big functional update or change to warrant that number.  When you move between major versions like that, there are entities which then have to go "recertify" the software.  So we don't want to make a big change like that without something major to add.

--
Joel Esler
Manager
Open Source, Design, Web, and Education
Talos Group
http://www.talosintelligence.com<https://u6680657.ct.sendgrid.net/wf/click?upn=gBws3HYKtNN9m2docLyuT3zsuce8yagj59KLPbnJQSqo2MU7eXImzB4TSKRNH6K3_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF8OKEUBEs88Pj2LTLQC3B3G40tGUCg6Bj3KYbXgNDOUhK9m3UANe0kp6l8fpsy-2FrVZJpVECOGFIqD-2FHDCQzPVA-2FNi8-2BX09CuTpU8kks3rMuVrsKwuULuelagZgEzpD3KtmCSmLFbC8Y0NNoVnAamKT7fOjAQ9-2FGNZGwc8lozu4bQOaDZyorAnwteJfAaHdYDrI-3D>
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-binary<https://u6680657.ct.sendgrid.net/wf/click?upn=fDDvNRuqgdsp67o4QpZdLIA5Na1S9TxHGomIUEPK0nTXYn56Ws2FlPc0eSbeWaLRw3YOUvaSA3LEPOMpiCnZeiM3efI3P06lhbUaBVOKypE-3D_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF8OKEUBEs88Pj2LTLQC3B3G40tGUCg6Bj3KYbXgNDOUhGpefqC-2FnShQI9rrSkcCWJ-2FdR8g1dOOCpD8dPgJCxc1n-2BuujUwlPRg7ZssYfUq0-2FmerwMMyRKjxfJnnQEtR583U3RD5QkrHLq-2BDIo4USnf4kaYy-2F93gN6UTjYWfBYvuwfKSMWsVBXwIonCmm4Pc7FSo-3D>
http://www.clamav.net/contact.html#ml<https://u6680657.ct.sendgrid.net/wf/click?upn=gBws3HYKtNN9m2docLyuT6vQ7z-2FvID3ITaQZfkKsPDqbgiPdizrsfZ2l6T-2FLVgs8_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF8OKEUBEs88Pj2LTLQC3B3G40tGUCg6Bj3KYbXgNDOUhLxpywdVqwBR4Ye8J-2Bj24Q-2FOWOoexk26jwMlYfG9COqAf-2FmjLcrJnpTnnOyknNKFo20AtHmzHRSe6fRUvB2Tp9TW-2BqZiW2IpBH4P5mKrs1znuHMsxjGV5QJm-2Buwbl-2FLzAXwpq67Be-2FOOKQNEahmiG8Y-3D>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20180124/c68275c9/attachment-0001.html>
-------------- next part --------------
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-binary
http://www.clamav.net/contact.html#ml