[Pkg-clamav-devel] [Clamav-binary] New ClamAV Package
Heiko Richter
lists-clamav at heikorichter.name
Wed Jan 24 01:53:29 UTC 2018
Am 24. Januar 2018 02:23:12 MEZ schrieb "Thomas McCourt (tmccourt)" <tmccourt at cisco.com>:
>Hello,
>
>Yeah, we understand that people might not read the email, blog posts
>etc. I will discuss more with the Clam-AV dev team tomorrow to make
>sure these scenarios are well thought out (I am sure they have, but a
>double check never hurt).
>Since the mirrors have been a primary focus of myself, IF any mirrors
>are having issues with the switch- I will look into that mirror.
Checking mirrors after the update is to late.
As blacklists are suggested by the mirroring howto and bandwith is still expensive it is to be expected that they are widely used. Furthermore ClamAV mirrors have quite excessive loads during normal operations so admins will definitely optimize regex evaluations by shortning the regex and therby reducing the number of evaluations per client access.
Therefor someone should check *all* mirrors *before* moving to 0.100.x. Otherwise the traffic Spike could rise to ddos levels in busy regions.
Scripting that check in bash should be quite easy.....
>
>In the future, we want a 1.0.0 version to be, what do the kids call it
>these days? “The bee’s knees” of software releases for ClamAV. That
>isn’t to say, that it isn’t a possibility to move to that version
>instead. I will see what the ClamAV Dev team says first.
>
>
>Thank you,
>
>
>Tom McCourt
>From: clamav-binary
><clamav-binary-bounces at lists.clamav.net<mailto:clamav-binary-bounces at lists.clamav.net>>
>on behalf of Heiko Richter
><lists-clamav at heikorichter.name<mailto:lists-clamav at heikorichter.name>>
>Reply-To: ClamAV Binary package maintainers
><clamav-binary at lists.clamav.net<mailto:clamav-binary at lists.clamav.net>>
>Date: Tuesday, January 23, 2018 at 6:40 PM
>To: ClamAV Binary package maintainers
><clamav-binary at lists.clamav.net<mailto:clamav-binary at lists.clamav.net>>
>Subject: Re: [Clamav-binary] New ClamAV Package (fwd)
>
>Hi,
>
>when releasing 0.100.x please be aware that several mirror operators
>are blocking old outdated versions form their servers by regex's that
>might not accept a 0.100.x release.
>
>You should expect some mirrors to use blacklists formed like this to
>minimize the number oft regex checks per request:
>
>^clamav/0.0
>^clamav/0.1
>^clamav/0.2
>^clamav/0.3
>^clamav/0.4
>^clamav/0.5
>^clamav/0.6
>^clamav/0.7
>^clamav/0.8
>^clamav/0.90
>^clamav/0.91
>....
>
>Going to 0.100.x will break those blacklists and - depending on how
>many (faulty) blacklists are out there - it could drasticly increase
>the traffic for those mirrors that are configured to accept Version
>0.100.x.
>
>I know many open source projects like to stay below 1.0 but being a
>mirror operator myself I expect my traffic to spike as soon as 0.100.x
>is released.
>
>It might be prudent to discuss a 1.0.0 version. Alternatively somebody
>could check every mirror with a "clamav/0.100.0" useragent and contact
>all the operators whose servers answer with 403 directly - not
>everybody will read the list.
>
>Heiko
>
>
>
>
>Am 23. Januar 2018 19:25:53 MEZ schrieb "Joel Esler (jesler)"
><jesler at cisco.com<mailto:jesler at cisco.com>>:
>Something we have "considered".
>
>I can't type today.
>
>--
>Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
>
>
>
>
>
>
>On Jan 23, 2018, at 1:23 PM, Joel Esler (jesler)
><jesler at cisco.com<mailto:jesler at cisco.com>> wrote:
>
>
>
>On Jan 23, 2018, at 10:05 AM, Reinhard Max
><max at suse.com<mailto:max at suse.com>> wrote:
>
>
>On Mon, 22 Jan 2018 at 23:49, Micah Snyder (micasnyd) wrote:
>
>0.99.3 suffered of scope creep and included more than just security
>patches and urgent bugfixes. As such, I would like to re-target these
>features for an upcoming “0.100.0” version. We are presently
>investigating to validate that the “100” number will not break other
>things that we’re aware of. If all is okay, we would immediately
>re-release 0.99.3-beta2 as 0.100.0-beta and continue to address the few
>remaining issues blocking us from the 0.100.0 release candidate and
>release.
>
>Given how long ClamAV already exists and still has a zero in front of
>its version number, I wonder if it woudn't make more sense to just call
>this new release 1.0.0 instead of investigating whether three digits in
>the 2nd component would break anything.
>
>cu
>Reinhard
>
>
>That is also something we have considering. We want 1.0 to include a
>big functional update or change to warrant that number. When you move
>between major versions like that, there are entities which then have to
>go "recertify" the software. So we don't want to make a big change
>like that without something major to add.
>
>--
>Joel Esler
>Manager
>Open Source, Design, Web, and Education
>Talos Group
>https://u6680657.ct.sendgrid.net/wf/click?upn=gBws3HYKtNN9m2docLyuT3zsuce8yagj59KLPbnJQSrRYKOGMCsF-2BhO936LVM9Ol_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF9SHOoIjnyQnK4-2FSpeeILB-2FE12QIIjBXkbupnYeUZsRv2t4dx2bimRYXeKeQGs6TU3wDy1mxJpczBhkTdD9kiiKtpXUciiqZ5BzAXWWA3eH60tA-2F-2FE-2FaqpGoLjZyP13F6OndAQqpdl6zEuV04RFAysfHOiq6Uhpl-2BUKMKumWajl3I9IHhQiGaeJd5ibTqpJtd8-3D<https://u6680657.ct.sendgrid.net/wf/click?upn=ID2HvLgiSkc5x1IcGeXq8LnfAERzFPlVGBu8I3OJlCDOv7M-2B2m1sLtUnOik9U77REztUpDifE5iD5sesSVt1A7wDTfaJ6NMpiohAaJbC50FrTFBFXAXVD-2BHDFk9Vp1A7Cj-2B-2FNQK3vLUo0pg3-2FTwEV2wdCt7LuWevCOocu5FB6H9S7g8rKU11-2B0yXdIqP9hFJUYSBYSxmfN-2B1ekqP6b45rPkV2CNGXstxT3oLjYL14y-2FTDcYwceeWUIEEM6Wy-2Bc88s67FI4uoj4x6ccsHMiTc-2F0v1FOdVLVatTDTekodp-2F8W1PY8EtdDcpSWxDJrTbTYXvq5o1psESq8q5fSutnQvjrNPBlAnXC5tbTURiGhyxjavSL8-2BdULNfvMgOF0jQA9ASGBEbafj-2BeKn1pbEtPJ0lYibaigPIQMWk9mVQ2eJ-2BAJJOoJ40Fj5-2BabDWFcRVfYJxQ-2B0OC2f-2BywlZrlHTtEGcjVeY7jQLSq-2BnBhOcWXGn8MhB8i24z9ZtG630cDG7dSZ_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF9SHOoIjnyQnK4-2FSpeeILB-2FE12QIIjBXkbupnYeUZsRvxJdOA8CQKvkVGlNXS4ymTDE-2BrrpX5r-2F6eEfDP3mqLsIyjifOn-2BWnYXp2yxhgfjgTUrju3ZT-2BtiR8due9pSuj5y8l0BvzZKbyYjXovnuQHprrzO3KcAVpsdesY6Etjj17FyJyYCbiWQf9GCNE0j8Zek-3D>
>_______________________________________________
>https://u6680657.ct.sendgrid.net/wf/click?upn=fDDvNRuqgdsp67o4QpZdLIA5Na1S9TxHGomIUEPK0nTXYn56Ws2FlPc0eSbeWaLRw3YOUvaSA3LEPOMpiCnZeiM3efI3P06lhbUaBVOKypE-3D_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF9SHOoIjnyQnK4-2FSpeeILB-2FE12QIIjBXkbupnYeUZsRvzlUCZcxO3vCkGD57IrO8TqjFBDZoYl3C-2Bvq3vn0gPeE1WIPdYPHUeYh4g8rwNWvkS-2BlE-2FA2kdmLfr4WHGUmW5ihPv3VOxZMzZndn6C5I0utawQInNIqf0qu1WjREukStlsWWWaLW7-2FhqqwNKPRDQ4E-3D<https://u6680657.ct.sendgrid.net/wf/click?upn=ID2HvLgiSkc5x1IcGeXq8LnfAERzFPlVGBu8I3OJlCDOv7M-2B2m1sLtUnOik9U77Rw2pOUNbBHu-2Bs-2BhjtOr0hfv3AbkOacun6lowr52ls2BA1RtY3mmCSe8t0RLmVGTWcFgA8tu3h9Qi4qk2DN-2BcSFjcAXWqg3feq417k1Zo2J-2BjgBWPTlNSW7G39-2BnQckauRF8LIKCuhQGxoj3krMKgaXe5VbT8Do-2BWp1EZL-2BrrmL82BwKfA-2F6D3Mkf89tm4blfP0pTrKxsDak-2BDAr1g1Q0-2FAe3FLk5BJmj85qIp1cVWrIi3R1AZLl9KGLMJ94FR1cxfO12F0t7y-2BtGRIM51Mc-2Bp3KrGKpn2-2Fzdi6SVQbzL02tPvt4c-2Fbg4JM80XbtwSgRNJIBVxAD-2BMMD3Ro6MJWCIce02INdrUnc72fyQhf4pNyN1Sydz55ru2-2FzYDb-2BKz3l0-2FkdGEmpToU42Z7Wb0pG3tbqrnfjMCfx7pgW115g0gYJSyHjEtb9yJaDbduGH75zo-2B8sn32k1tbPYz9K2equA6Vq6lZGYe29TshlmgmIfxad2tm6sDTRf9rYmball21GLn_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF9SHOoIjnyQnK4-2FSpeeILB-2FE12QIIjBXkbupnYeUZsRv846hPdcD-2Bd9aCLGH-2BImM9eJSNikvCMRTyvVQzGaA1j9LRQcS2-2Fn-2BjCkbi3ZrclfVMc3P7nV3zV6Gc524d8og-2BGCofRQI1YABnHorbZpCHcGPGwLPZEjgRukpQYb2fRytuj6TuK2kHaentMvzMfq7d4-3D>
>https://u6680657.ct.sendgrid.net/wf/click?upn=gBws3HYKtNN9m2docLyuT6vQ7z-2FvID3ITaQZfkKsPDqbgiPdizrsfZ2l6T-2FLVgs8_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF9SHOoIjnyQnK4-2FSpeeILB-2FE12QIIjBXkbupnYeUZsRv6f5d1Di230J15DdZTWe-2F9PbBQYihXODlZUPOpKHCrojgCQwLFNC8dQJluVICK9qAKUUzIzqA-2BDDj8JRGcrDx5CCzw7nO07tokV5iE-2FejnNlKi008KUyjM5v8tw1GJSBHmu5naNifBqC1LU3n9D-2Fq8E-3D<https://u6680657.ct.sendgrid.net/wf/click?upn=ID2HvLgiSkc5x1IcGeXq8LnfAERzFPlVGBu8I3OJlCDOv7M-2B2m1sLtUnOik9U77REztUpDifE5iD5sesSVt1A-2BewMPa46bCeQPDeCZA2cLToM2bjlVS2QRZMq1O7suAD6kIQ3X73sTR0EA9uPqTNlt8gCikU6VJ1zdIxL-2BWdKI6eovDywcQiwwsdf1wPgBwO8PW-2BrFEY6OKhuPNnCU91qA5nOE1wHsPsOampONcWXA2DqM0UOaG8Y82L-2FL2NC8OlElRw-2B79RO59eYlaQqHUM-2BTy6ImyOCxV7apP-2BnffQsGge295ZLwIzAESw1LDDOduQwrAe14Or3ff84X2Vd61dXRCmjB5MKLKL03q3E8OFJjDQNPafWYLWkXp79XATu6m10I7oOltBSJlvzidC6AIf2m9hdOwrK-2B95rk4kZKUybGfZmPUoPKtVTdG5Be2aGDxx6PU0zYw4RUARST1E0-2B25IXD0PmMyW85jilxizH6PAtNOvR2FgyGjhUceO-2BRyWUWr_fMs1dihup-2FJ8UQ41mhVMZ6XEmOHfb678Y4pxggcudF9SHOoIjnyQnK4-2FSpeeILB-2FE12QIIjBXkbupnYeUZsRv4KL7aHgVRVUj8vamzq7wjrmDQM5MQI8QRNjdes5D52nQpu5RFAsZfNjPgfCkn7OirQfK-2BxkxxgRzVOnTqgKjEIlJXD8P5CHeD0PpPgAk4zk9DSHvxJF7RpqeUpQswuQKaz0Eq2df9WFlKrERNs24o8-3D>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20180124/09ce766d/attachment.html>
-------------- next part --------------
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-binary
http://www.clamav.net/contact.html#ml
More information about the Pkg-clamav-devel
mailing list