On May 14, 2010, at 11:42 AM, Nathan Gibbs wrote: > * Alain Zidouemba wrote: >> Feature requests are always welcome. > > However a resounding NO after putting in the effort is not. > > It has been my experience to post a feature request and be told that. > 1. The lake & short pier are to your right. > 2. Take a long walk and or jump. > > A better experience has been to bounce ideas off the list and be told to shut > up & post it in their bugzilla already. > > Either experience is less than ideal. > > In summary I refuse to waste my time and the ClamAV Team's time submitting a > feature request that they will refuse to implement.
While I have concerns and even complaints that I might make about ClamAV, the ClamAV folks are remarkably responsive to bug reports that people file, in terms of acknowledging requests in a timely fashion, asking for more info if that would be helpful to them, and in terms of implementing fixes or changes. Obviously, a well-thought out suggestion, or a bug report which includes a patch, is more likely to get a positive response than something which isn't clear or is something they disagree with. > 1. Is moving updates over https a good idea? > For the ClamAV update infrastructure at large, probably not. > For a local mirror setup, it would be an interesting option. SSL is primarily valuable for preventing inspection of private communication by third-parties and MiTM attacks like spoofing virus DB info. Given that the ClamAV database updates are public, and are already signed via sigtool mechanism, adding SSL doesn't seem to provide any benefits...? Regards, -- -Chuck _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
