On 7/26/2011 5:40 PM, Beppe Di Maio wrote: > On Mon, Jul 25, 2011 at 9:36 PM, Nathan Gibbs <[email protected]> wrote: > >> Good QA, accountability, distribution, how convenient. >> Now what if I want to produce and sign my own cvd's for my own use, and >> not hand them to you first. > > I guess that the ClamAV team is trying to encourage their userbase to > write signatures > and distribute them for everyone's benefit. I see nothing wrong with it. > At the same time they want to make sure that the cure is not worse > than the problem itself, > i.e. the 3rdparty signatures must not trigger too many false positives. > > Soon it will be possible to enable 3rd party dbs in a breeze! That's a > great news for us :) > Reporting false positives will be easier too. > > Bye, >
Don't misunderstand me, if you are a developer or user of 3rd party sigs that are intended for mass distribution, this is awesome. Go for it, definitely make use of the QA infrastructure being offered its great. I'm just pointing out that there is still a problem here. Mainly control of the sig signing process. Which boils down to the question, is the sig signing code open source? If it is, I haven't seen it. -- Sincerely, Nathan Gibbs Systems Administrator Christ Media http://www.cmpublishers.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
