On Apr 16, 2010, at 2:17 PM, Giampaolo Tomassoni wrote:
> Instead, I preferred ClamAV. And I'm still helping the way I can: I'm
> reporting malware, and now I'm debating on the 0.96 case. And I'm
> really sad when I discover that a move could put in danger the
> reputability of the whole project.
>
> Because I'm a bit old. And I like freedom. And I prefer to have to
> bother with mailing lists and bulletin reports and have the control of
> systems, instead of putting my work in the hands of people who could
> change the rules at will.
>
> An open-source project is not supposed to change rules at will. The
> license itself of open source software is often oriented toward this
> view, such that it guarantees people to keep using software they
> already got, even when the project becomes a completely commercial one.

Exactly, but the ONLY thing open-source guarantees is that you will not
be charged for the source code. The fact that the community provides
binaries is a convenience for you (and the rest of us). If you chose
to build your own, you could have prevented this by modifying the
source code.

> A remote kill is very dangerous to a commercially-oriented product,
> but may be a real disaster to an open-source one. Because the
> open-source idea is all based on freedom.

They did not do a "Remote kill". They sent out one of the new style
signatures which your installed version could not handle. It is still
your responsibility, as it is the responsibility of everyone who sets
up a server, to ensure it DOES what they want in case of a failure. You
chose to keep the default behavior, which is to block mail when it
can't be scanned, and want to blame ClamAV for that. All they are
responsible for is sending out the new signatures as they had promised.

> The ClamAV team can't act the way it did and not risk to be censured
> by the open-source community.
>
> If people blame you and feel betrayed by you, it is not a "sysadm
> matter"...
>
> Giampaolo

Yes it is, as my systems did not fail nor did anyone who bothered to
heed the warnings that clamd would STOP working and took steps to
mitigate the situation. That could be by upgrading or not accepting
new signatures or ANY other method including modifying the source code.

As far as whether or not you can trust ClamAV, if this was sprung upon
server operators without notice, that might be a consideration. It
wasn't.

The difference is that this screaming gets attention and gets the
attention of incompetently managed server operators so that things get
fixed.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml