On Thu, 8 Oct 2009 12:25:51 +0200 Tomasz Papszun <to...@lodz.tpsa.pl> wrote: >On Wed, 07 Oct 2009 at 14:47:21 +0800, Paul Wise wrote: >> Just in case the stable release managers what to do something about it >> and don't know about this yet, clamav upstream are taking some >> interesting measures to "encourage" people to upgrade from the now >> EOLed 0.94.x series. The mail isn't fully clear, but it seems that >> clamav 0.94.x will not work at all from April 15th 2010 and will not >> recieve signature updates from May 2010, so I guess removal from >> stable/oldstable is in order as well as an announcement of some sort >> (DSA perhaps?). >> >> http://lurker.clamav.net/message/20091006.143601.d27bbd20.en.html >> > >Sorry, it may seem a little harsh, but the reason is that unless the >majority of ClamAV users upgrade to >= 0.95.x, old freshclams will put >an excessive load on ClamAV database mirrors and that will harm *all* >of ClamAV users, not only the ones running old versions. > Personally, I appreciate having significant advance notice so we can do something to prepare.
I do not think removal is the approach that would be best for users. It would leave them with an orhpaned, non-working package and they will have to upgrade systems to a newer release, install from external sources (e.g. volatile), or compile from dource directly. Updating clamav and needed rdepends to something that upstream supports would be more benificial for users. With a half a year of notice, I think this is managable. This is the approach Ubuntu will be taking (they already have a full set of updates in their backport repository that is tested and almost ready). Scott K -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
