On Nov 9, 2006, at 2:40 PM, Daniel J McDonald wrote:
On Thu, 2006-11-09 at 10:24 -0500, Bart Silverstrim wrote:
On Nov 7, 2006, at 6:48 PM, Jim Redman wrote:
Chris,
Christopher X. Candreva wrote:
On Tue, 7 Nov 2006, Jim Redman wrote:
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
I don't use Fedora - I use Mandriva. And my experience has been that
the RPMS provided by Mandriva do allow you to run out of the box with
very little tweaking. That is important to me - I manage about 20
linux
servers, but my primary responsibility is 196 routers and firewalls.
I'm not ignorant of the build process - I learned how to build SRPM's
working with this package - I merely don't have the time to mess with
it. So, I understand the sentiment.
There are a number of reasons why I consider this a bad thing
(other opinions have been expressed by others on the list).
4) (Altruism) It limits the adoption of ClamAV which in turn
increase the number/penetration of viruses.
Maybe the project doesn't WANT people who have problems with their
installs caused by willful ignorance...just a thought.
I personally think that's a poor attitude. Clueless newbies are
important too. I personally will dump a project that takes too
long to
get working at all. As long as I can see progress it will keep my
interest.
Cluelessness is one thing. Willful cluelessness is another. There
is a difference.
What you're talking about is hassle...if it's too much hassle, you
move on to something else. That's fine and dandy. But there are
many many many people who are using, for example, ClamAV without
throwing a fit because there's too much in the conf file to set up.
The distinction is you can get frustrated and ask for help, or you
can get frustrated and bitch about it rather than read the comments
in the conf file. There's a lot, it can be tedious to a degree, but
you're not having to go through source code to figure out how to get
it to work. I have found that *overall*, with all the different
distros out there, it is impossible to come up with a one-size-fits-
all solution but the config files and guides for installation and
configuration on the Internet are enough that you need not invest a
lifetime to getting this one project working.
As I've said in other posts, the problem (as I see it) isn't
necessarily that he's clueless, or a newbie. It's the attitude he
approached the group with, the attitude of "I don't know anything and
want to stay ignorant. You should make it so I can stay ignorant but
get this to work." This is something that can easily ruffle some
feathers, especially when so many in the group have started in that
position but learned how to get it to work. It's also shocking for a
sysadmin to declare that they want to stay ignorant of the equipment
they're using..."I want to be a rocket scientist, but don't want to
take that nasty physics stuff...you should make it easier!"
For example, the Hobbitmonitor project is buried deep on my todo
list -
There are about 15 "post release" patches that have to be individually
applied in a certain order, and I have yet to get it right and have it
compile. So I ignore it, and think "If I ever get about 4 hours of
un-interrupted time, I'm going to tackle that beast". Of course, I
don't have 4 hours, so it just gets deeper on the pile, and I never
get
my monitoring server built, and I never am able to contribute back to
the project by helping other clueless newbies...
Then cut it loose.
This seems to be a hard concept...similar problems crop up, and my
response is something along the lines of, "Well, your company isn't
hiring enough to properly staff your department or manage the staff
properly...if it were truly important, you'd get the time. So either
suffer with the lack of XYZ, or have them hire more people, or move
to another company that does respect their IT department's role
more." "Well, that's not realistic..." "Well, then it sounds like
you are going with A, suffer the lack of XYZ. Accept it, quit
complaining."
<crickets...>
I'm not saying every project requires you to cut off fingers and
chant voodoo incantations to work. I'm just saying that ClamAV isn't
rocket science, there are some problems, and your average sysadmin
should be able to go through a conf file to configure it and be able
to get it to integrate with most MTA's using docs on the Internet
with relatively little energy lost. I am tired of the couch sysadmin
running mail servers using a black box approach, relaying spam or
implementing poor security because they're too damn lazy to actually
figure out what running a mail server means, and when someone comes
along saying that they have problems XYZ the "real" sysadmin takes
their advice and learns what is happening while the couch sysadmin
ignores it or complains it's their mail server vendor's fault because
they didn't make it simple enough to just run the installer and ignore.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html