Stephen and I discussed this a bit on IRC today... To recap, we (Debian and Ubuntu both) both include the main and daily cvd files in clamav-base. This is, by a large margin, the bulk of the clamav package by size. A while ago a user filed a bug against the Ubuntu clamav package asking that it not be shipped:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/460316 I asked upstream (aCaB) their view and he said they originally included it in the tarball to reduce the load on their update mirrors, but that this had not been a recent concern. Stephen (sgran) expressed concern that it's preferred not to have a package rely on network access to be useful, so even if we stopped including the cvd files in clamav-base, it would still have to depend on clamav-data and so the download size (or the size on CD, which is a concern for Ubuntu Server) wouldn't change significantly. I've been thinking this over a bit. Whether you're trying to stuff more packages onto a CD or install a package over a slow internet connection, 20MB can be a lot. I think the package description for the clamav binary is very clear that updates are required for the package to be useful: "For scanning to work, a virus database is needed. There are two options for getting it: - clamav-freshclam: updates the database from Internet. This is recommended with Internet access. - clamav-data: for users without Internet access. The package is not updated once installed. The clamav-getfiles package allows creating custom packages from an Internet-connected computer." While I agree that packages ought not require internet access to be useful, I think that the utility of clamav without updates of some kind is very limited and so the presence of an initial set of signatures does not materially affect the utility of the package. I'd appreciate feedback on this. I don't think dropping the initial signature files hurts users in any material way and will help users with limited bandwidth (the shipped cvd file quickly ages and will need a lot of updates, so it's almost like having to download it twice). Scott K _______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
