On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote: > The question here is, do we strive to make a package that is installable on > more machines, (even ones that are going EOL?), or do we strive to make a > package that is the best for security? >
It's my understanding that the new features in pcre7 are mostly about shortcuts and convenience for the programmer, not about pcre6 inability to match particular content. So this isn't really about security, it's about writing the same signatures so they work with older pcre. This is about not alienating that portion of your user base that for whatever reason is unable to upgrade to a new incompatible requirement. Once you lose such a customer, you're probably lost them for a long time -- not just until they upgrade, but maybe forever. I see clamav slowly sliding towards irrelevance. Progressively less effective, slower to respond to new threats, and now considering a decision to reduce their user base. This makes me sad. My systems all meet the proposed requirements, so this doesn't affect me directly. But I feel this reflects a deeper problem within the project -- a lack of consideration for the end user. -- Noel Jones _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
