[Pkg-clamav-devel] Bug#1063476: the sanesecurity configuration is not suitable for a release
Marco d'Itri
md at linux.it
Thu Feb 8 18:35:50 GMT 2024
Source: fangfrisch
Version: 1.7.0-1
Severity: grave
Tags: upstream
Control: forwarded -1 https://github.com/rseichter/fangfrisch/issues/30
The sanesecurity section of default configuration, if enabled, relies on
an unofficial HTTP mirror which is seriously overloaded and probably
seriously expensive for their operators, since it is located in
Australia.
The only other known HTTP mirror is mentioned on
https://wiki.gentoo.org/wiki/ClamAV_Unofficial_Signatures, with a vague
note about it being available to the public.
Until fangfrisch will implement rsync support, I do not think that it is
safe to include fangfrisch in a Debian release due to the possible
effect on unsuspecting third party mirrors.
This has also been discussed upstream:
https://github.com/rseichter/fangfrisch/issues/30
--
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-clamav-devel/attachments/20240208/eb8a91ea/attachment.sig>
More information about the Pkg-clamav-devel
mailing list