On Thu, 2010-04-15 at 20:58 +0200, Kurt Roeckx wrote: > On Wed, Apr 14, 2010 at 10:35:41PM +0100, Adam D. Barratt wrote: > > > > The clamav project have announced that they will be publishing a > > specially formed virus signature which disables older versions of the > > software, including the version in lenny. If you have not yet migrated > > to using the volatile packages, now would be a good time to do so. :-) > > What does this mean exactly? Will it now tell that everything is > not a virus, even for things that it used to be able to detect?
That doesn't seem particularly easy to determine from the announcements provided by upstream, unless I'm looking in the wrong places; the wording I used was very much based on their EOL announcement. I've CCed the package maintainers in the hope that they might have more of an insight. > What about providing a working version in stable-security and/or > proposed-updates before that happens? The security team have already indicated that they're unwilling to support the stable versions of clamav and directed users towards volatile instead - see http://lists.debian.org/debian-security-announce/2009/msg00228.html Many people are unwilling to use packages from p-u that haven't been officially released as part of a point release so that doesn't necessarily help the situation much; it would also break all of the reverse-dependencies in stable. Looking at including the volatile versions of the r-deps as well would be a possibility, but to my knowledge we don't yet have any reports of success, or otherwise, using those packages. Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/1271360986.25792.1476.ca...@kaa.jungle.aubergine.my-net-space.net
